Nothing Phone 2a Bootloader Exploit Working
A new exploit called Fenrir targets the Nothing Phone 2a, CMF Phone 1 & other MediaTek-powered devices. It takes advantage of a flaw in how the phone starts up, allowing full control over the device before Android even loads. Even after waiting for 1 month, Nothing ignored the developer's bootloader vulnerability report affecting CMF Phone 1 and Phone 2a and thus the developer made the exploit public.
When you power on your phone, it goes through several steps to make sure everything is secure and untampered. This is called the secure boot chain. Each of these steps is trusted only if the previous one verifies it.
1. BootROM – The first code built into the chip. It loads the next part.
2. Preloader – Loads the next component, called bl2_ext, and normally checks it.
3. bl2_ext – This runs at the highest privilege level (EL3) and is supposed to check everything else.
4. TEE (Trusted Execution Environment) – Handles secure operations like fingerprint data and encryption.
5. GenieZone – A MediaTek component that manages access to the secure system.
6. LK / AEE – Boots the Android operating system and handles crash logging.
7. Linux Kernel – This is Android. The phone is now fully booted.
This exploit abuses a flaw in the MediaTek boot chain. When the bootloader is unlocked (seccfg), the Preloader skips verification of the bl2_ext partition, even though bl2_ext is responsible for verifying everything that comes after it. So if bl2_ext is not verified and can be modified, it compromises the entire secure boot process. The exploit modifies a function called sec_get_vfy_policy() inside bl2_ext, making it always return "0", so an unverified bl2_ext running at EL3 now happily loads unverified images for the rest of the boot chain.
Additionally, the included PoC also spoofs the device’s lock state as locked so you can pass strong integrity checks anywhere while being unlocked. Someone even managed to pass Basic, Device and Strong integrity on LineageOS for Phone 2a without rooting, spoofing, using pixel fingerprint or leaked keybox.
Vivo X80 Pro is also vulnerable & it has a more severe version of the flaw, as it fails to verify bl2_ext even with a locked bootloader. You can read more about the usage of the exploit here:
https://github.com/R0rt1z2/fenrir
Follow @TechLeaksZone
🗿92🤡12❤11👏8🤣7
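A minimal model of the chain of trust described in the post above, added here as an illustration and not taken from the post or from the fenrir repository: it shows why a single skipped check at bl2_ext leaves every later stage untrusted. The policy names, `boot_chain`, `run_case`, the toy FNV-1a digest (standing in for signature verification) and the image contents are all assumptions made for the example.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical policy names for the three behaviours the post describes. */
enum policy { VERIFY_ALWAYS, SKIP_WHEN_UNLOCKED, NEVER_VERIFY };
enum { BOOT_HALTED = -2, BOOT_ALL_VERIFIED = -1, BL2_EXT = 2, NSTAGES = 7 };

struct stage { const char *name; const char *image; uint32_t expected; };

/* Toy FNV-1a digest; a real chain checks a signature over the image. */
static uint32_t digest(const char *s) {
    uint32_t h = 2166136261u;
    for (; *s; s++) { h ^= (uint8_t)*s; h *= 16777619u; }
    return h;
}

/* Returns BOOT_ALL_VERIFIED, BOOT_HALTED (a check failed), or the index of
 * the first stage that ran unverified; later stages are then untrusted. */
int boot_chain(const struct stage *c, size_t n, int unlocked, enum policy p) {
    for (size_t i = 1; i < n; i++) {   /* stage 0, the BootROM, is the root of trust */
        if (i == (size_t)BL2_EXT && (p == NEVER_VERIFY || (p == SKIP_WHEN_UNLOCKED && unlocked)))
            return (int)i;             /* Preloader hands control to an unchecked bl2_ext */
        if (digest(c[i].image) != c[i].expected)
            return BOOT_HALTED;
    }
    return BOOT_ALL_VERIFIED;
}

/* Builds the seven-stage chain with constructed image contents, optionally modifies bl2_ext, boots. */
int run_case(int tamper_bl2_ext, int unlocked, enum policy p) {
    static const char *names[NSTAGES] = { "BootROM", "Preloader", "bl2_ext",
        "TEE", "GenieZone", "LK / AEE", "Linux Kernel" };
    struct stage c[NSTAGES];
    for (int i = 0; i < NSTAGES; i++) {
        c[i].name = c[i].image = names[i];   /* constructed sample "image" */
        c[i].expected = digest(names[i]);    /* reference value for the original image */
    }
    if (tamper_bl2_ext)
        c[BL2_EXT].image = "bl2_ext (modified)";
    return boot_chain(c, NSTAGES, unlocked, p);
}

int main(void) {
    printf("locked, skip-when-unlocked, modified:   %d\n", run_case(1, 0, SKIP_WHEN_UNLOCKED));
    printf("unlocked, skip-when-unlocked, modified: %d\n", run_case(1, 1, SKIP_WHEN_UNLOCKED));
    printf("unlocked, verify-always, modified:      %d\n", run_case(1, 1, VERIFY_ALWAYS));
    return 0;
}
```

A result of `2` means bl2_ext ran without being checked, so the checks it performs on the TEE, GenieZone, LK and kernel no longer prove anything; `NEVER_VERIFY` models the behaviour the post attributes to the Vivo X80 Pro.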
Forwarded from vx-underground
tl;dr chinas firewall censorship thingy has massive leak. shows code and political ambitions and stuff
idk the significance because i dont study chinese network firewall sciency stuff. maybe one of you nerds is interested. its all available for download online now
https://gfw.report/blog/geedge_and_mesa_leak/en/
❤41😁5🤡4🙏3
Forwarded from GApps Leaks (Shiv (AssembleDebug))
Sideloading Restrictions, some updates from Google.
If you are a hobbyist/student - Free and Straightforward process but comes with limits on number of apps and installation.
As a developer, you will be able to install apps with ADB without restrictions for testing purposes
@GappsLeaks
🤡129❤9🤪6
Forwarded from Nothing Fuckups
Nothing Phone 3 will be available for Rs. 35,000 (~400$) in India after exchange of Phone 1 or Phone 2
Including exchange, Nothing phone 3 lost more than 50% value in just 2½ months after the launch. My condolences to everyone who bought it at launch as you guys have been scammed in under 3 months
Follow @NothingFuckups
🤣142🤡19💔5⚡3❤1
BREAKING: Xiaomi 16 Series has been cancelled
To copy Apple 1:1, Xiaomi has decided to cancel the 16 series. That's because:
1. Since the iPhone 17 series exists in 2025, Xiaomi will also call it the Xiaomi 17 series.
2. As iPhone 17 Pro Max exists, Xiaomi will also launch a 3rd model which will be called Xiaomi 17 Pro Max
My dearest condolences to every Xiaomi user who plans to buy the flagship 17 series, because you will be seen in the world as a "poor man's iPhone" user. Heck even BBK or Oppo Group didn't change their flagship phones naming just to copy Apple
Follow @TechLeaksZone
🤣186🤡40❤7👍3☃2🆒1
iPad Mini ❌
Xiaomi Pad Mini ✅
The text beside the rear camera says "Gamma Antenna" for Xiaomi radiation
https://fixvx.com/Xiaomi/status/1967559136972886428
vxTwitter / fixvx
Xiaomi (@Xiaomi)
Flagship performance now fits in just one hand.
Meet #XiaomiPadMini, your ultra-portable, productivity-ready sidekick. https://t.co/0gp3dcE2aW
🤡44❤7
Free Spotify users will now be able to use the app to some extent
https://fixvx.com/eldsjal/status/1967574486917759053
vxTwitter / fixvx
💖 1.82K 🔁 94
Daniel Ek (@eldsjal)
We’ve heard the feedback about Spotify Free… what works, what doesn’t, what it could be. So now we’re giving it a real update for the first time since 2018.
🥱46🤡6🔥2🤣2❤1
Forwarded from GApps Leaks (Shiv (AssembleDebug))
Pixel 7 and 7 Pro users report battery swelling as issue spreads beyond 7a
✅ Details - https://piunikaweb.com/2025/09/15/pixel-7-and-7-pro-battery-swelling/
@GappsLeaks
😭53🤣31🤡9❤1💯1
Xiaomi 17 Pro Series Teased in China
Both Xiaomi 17 Pro as well as 17 Pro Max will feature "Magic Rear Screen" on the back while the 17 Ultra will debut next year.
The Xiaomi 17 series will launch next week and it will also be the first smartphone to be powered by Snapdragon 8 Elite 2 or Snapdragon 8 Gen 5 or Snapdragon 8 Elite Gen 5 (however you wanna call it)
Follow @TechLeaksZone
🤡83⚡19❤7🆒5🤔1
Forwarded from vx-underground
🚨BREAKING 🚨
LINUX NERDS ARE MAD. THIS IS NOT A DRILL.
Linux nerds do NOT fuck around with performance.
Noted from The Lunduke Journal, "Ubuntu’s plan to replace the GNU Core Utils with Rust-based reimplementations is going exactly as poorly as predicted. Some Rust versions being 17 times slower than the battle tested GNU C / C++ version. And other Rust-based versions simply failing to work on large files."
🤣89😐10❤4👍1
AOMedia Announced Year-End Launch of Next Generation Video Codec -- 'AV2'
The Alliance for Open Media (AOMedia), which works for open standards that power the next generation of media experiences, has announced the year-end release of the upcoming launch of the next evolution in open video coding: AV2.
- significantly better compression performance than AV1
- enhanced support for AR/VR applications
- split-screen delivery of multiple programs
- improved handling of screen content
- ability to operate over a wider visual quality range
Read more at: https://aomedia.org/press%20releases/AOMedia-Announces-Year-End-Launch-of-Next-Generation-Video-Codec-AV2-on-10th-Anniversary/
Follow @TechLeaksZone
❤56🔥18👌5🤡3🤯2🤣2😱1
Nothing OS 4.0 Teased
Features:
- Extra Dark Mode
- New Clocks in Lock Screen
- Updated Camera and Gallery Apps
- AI Usage Tracking
- AI Analysis but free for 500 minutes every month
- Pop-up View with 2 Apps for faster multi-tasking
- Redesigned Recorder App & About Page
- Whisper model in Essential Space ???
Follow @TechLeaksZone
🔥71🤡25😴9❤7👍1