-
Notifications
You must be signed in to change notification settings - Fork 52
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
58ed5d8
commit b1f58bd
Showing
1 changed file
with
46 additions
and
36 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,44 +1,54 @@ | ||
| - https://s-pscripts.github.io/asr-exploit/ - | ||
|
|
||
| ASR Webview: | ||
| asr-exploit | ||
| This webview was found by me, S-PScripts. | ||
|
|
||
| Notes: | ||
| Discovery: | ||
| -> ASR was one of the two apps our school allowed from the Play Store, the other being myViewboard WhiteBoard. Unlike myViewboard, ASR was force-installed without any way to uninstall it. | ||
| -> I knew that this app had to have a webview somewhere. I had tried finding it for quite a bit but couldn't find any... but I eventually found it! At 11:00pm... | ||
|
|
||
| -> I knew that this app had to have a webview somewhere but every time I checked I couldn’t find any. | ||
|
|
||
| -> Even though I had already managed to find one in myViewboard (https://github.com/S-PScripts/myviewboard-exploit), I was determined to find one in ASR. | ||
|
|
||
| -> And eventually I managed to do it! At 11:00pm.. | ||
|
|
||
| -> Enough of me talking now, here are the instructions. | ||
|
|
||
| Instructions: | ||
| 1. Go to the download page for ASR here: https://play.google.com/store/apps/details?id=com.nll.asr&referrer=utm_source%3Dwebsite%26utm_medium%3Dhome-page | ||
| 2. Install ASR. If you can't, you cannot do this exploit. | ||
| 3. Open ASR. | ||
| 4. Click the 3 dots icon at the top right. | ||
| 5. Click Settings. | ||
| 6. After the settings window opens, click the Cloud Services section. | ||
| 7. Click the green + Add button at the bottom right. | ||
| 8. Click OneDrive/Business. | ||
| 9. Click the green Connect to the service button. | ||
| 10. A Microsoft sign-in screen will appear... (yep, you know what happens now) | ||
| 11. Click Sign-in options. | ||
| 12. Click Sign in with Github. | ||
| 13. Click the Github logo. | ||
| 14. In the search box at the top right, type Google. | ||
| 15. Click Search all of Github. | ||
| 16. Click the Google link in the infobox about Google to the right of the screen. | ||
| 17. You are in Google and all websites are unblocked! | ||
| 18. As there are no tabs, use the forward and back keys on the top row of your keyboard. | ||
|
|
||
| Notes: | ||
| -> You can also use Box for Step 8 to get onto Google. Here's how: | ||
| 8. Click Box. | ||
| 9. Click the green Connect to the service button. | ||
| 10. After the authenticating screen, a box sign-in screen will show up. Click Terms of Service or Privacy Policy. | ||
| 11. On the cookie popup at the bottom that shows up (with the Accept all, Reject all and Customize buttons), click on "here" in the second/last sentence. | ||
| 12. On the cookie notice page, scroll down a bit to see a table. | ||
| 13. Find Google in this table (second column) and look at the third column next to it. | ||
| 14. In this third column, click the first "here". | ||
| 15. Scroll to the bottom on the Google Privacy page. | ||
| 16. Click the small grey Google text. | ||
| 17. You are in Google and all websites are unblocked! | ||
| 18. As there are no tabs, use the forward and back keys on the top row of your keyboard. | ||
| Go to the download page for ASR here: https://play.google.com/store/apps/details?id=com.nll.asr&referrer=utm_source%3Dwebsite%26utm_medium%3Dhome-page | ||
| Install ASR. If you can’t, you cannot do this exploit. | ||
| Open ASR and accept the privacy policy. | ||
| It will make you click all the buttons in the recorder to continue. Once you’ve done that, click the 3 dots icon at the top right. | ||
| Click Settings. | ||
| After the settings window opens, click the Cloud Services section. | ||
| Click the green + Add button at the bottom right. | ||
| Follow one of the two methods below. I recommend Method 1 (since it’s used in most webviews and it’s probably easier to do). | ||
| Method 1: | ||
| Click OneDrive/Business. | ||
| Click the green Connect to the service button. | ||
| A Microsoft sign-in screen will appear. If you’ve seen other webviews, you probably know what will happen now. | ||
| Click Sign-in options. | ||
| Click Sign in with Github. | ||
| Click the Github logo. | ||
| In the search box at the top right, type Google. | ||
| Click Search all of Github. | ||
| Click the Google link in the infobox about Google to the right of the screen. | ||
| You are in Google and all websites are unblocked! | ||
| As there are no tabs, use the forward and back keys on the top row of your keyboard. | ||
| Method 2: | ||
| Click Box. | ||
| Click the green Connect to the service button. | ||
| After the authenticating screen, a box sign-in screen will show up. Click Terms of Service or Privacy Policy. | ||
| On the cookie popup at the bottom that shows up (with the Accept all, Reject all and Customize buttons), click on “here” in the second/last sentence. | ||
| On the cookie notice page, scroll down a bit to see a table. | ||
| Find Google in this table (second column) and look at the third column next to it. | ||
| In this third column, click the first “here”. | ||
| Scroll to the bottom on the Google Privacy page. | ||
| Click the small grey Google text. | ||
| You are in Google and all websites are unblocked! | ||
| As there are no tabs, use the forward and back keys on the top row of your keyboard. | ||
| Issues: | ||
| -> It’s a bit slow and images load slowly/don’t load correctly. | ||
|
|
||
| Credits: | ||
| S-PScripts (me) | ||
| S-PScripts (me) | https://github.com/S-PScripts |