linux-nerds.org

Your browser does not seem to support JavaScript. As a result, your viewing experience will be diminished, and you have been placed in read-only mode.

Please download a browser that supports JavaScript, or enable it if it's disabled (i.e. NoScript).

Meta Quest 3/3s XR headsets finally rooted after 2 years

Technology

20 Beiträge 9 Kommentatoren 0 Aufrufe

U This user is from outside of this forum
U This user is from outside of this forum
utopiah@lemmy.world

schrieb zuletzt editiert von

#1

Meta XR headsets are very cheap for the performance they give. Unfortunately they require a Meta account and one can assume as much data as legally possibly is sent back to the advertising company.

For years now, since the Quest 1, those Android devices have not been rooted except for some specific version number of the Quest 2.

This recent work https://github.com/FreeXR/eureka_panther-adreno-gpu-exploit-1 makes the latest headset with a rather recent update (but NOT the very last ones, so be cautious!) rootable.

GitHub - FreeXR/eureka_panther-adreno-gpu-exploit-1: Our first exploit: a memory corruption vulnerability in the Adreno GPU driver for Eureka/Panther (3/3s) devices, enabling arbitrary kernel memory read/write and privilege escalation.

Our first exploit: a memory corruption vulnerability in the Adreno GPU driver for Eureka/Panther (3/3s) devices, enabling arbitrary kernel memory read/write and privilege escalation. - FreeXR/eureka_panther-adreno-gpu-exploit-1

GitHub (github.com)
F N K T L 5 Antworten Letzte Antwort

56
U utopiah@lemmy.world

Meta XR headsets are very cheap for the performance they give. Unfortunately they require a Meta account and one can assume as much data as legally possibly is sent back to the advertising company.

For years now, since the Quest 1, those Android devices have not been rooted except for some specific version number of the Quest 2.

This recent work https://github.com/FreeXR/eureka_panther-adreno-gpu-exploit-1 makes the latest headset with a rather recent update (but NOT the very last ones, so be cautious!) rootable.

GitHub - FreeXR/eureka_panther-adreno-gpu-exploit-1: Our first exploit: a memory corruption vulnerability in the Adreno GPU driver for Eureka/Panther (3/3s) devices, enabling arbitrary kernel memory read/write and privilege escalation.

Our first exploit: a memory corruption vulnerability in the Adreno GPU driver for Eureka/Panther (3/3s) devices, enabling arbitrary kernel memory read/write and privilege escalation. - FreeXR/eureka_panther-adreno-gpu-exploit-1

GitHub (github.com)
F This user is from outside of this forum
F This user is from outside of this forum
fiivemacs@lemmy.ca

schrieb zuletzt editiert von

#2

I should check if anyone's done this with the oculus rift..before they sold to that shit company. haven't used my VR headset since the popup showed to create some bullshit account
U 1 Antwort Letzte Antwort

4
F fiivemacs@lemmy.ca

I should check if anyone's done this with the oculus rift..before they sold to that shit company. haven't used my VR headset since the popup showed to create some bullshit account
U This user is from outside of this forum
U This user is from outside of this forum
utopiah@lemmy.world

schrieb zuletzt editiert von

#3

Rift isn't standalone so "just" using OpenHMD should work, cf https://lvra.gitlab.io/docs/hardware/#xr-devices for more comparability checks.
1 Antwort Letzte Antwort

6
U utopiah@lemmy.world

Meta XR headsets are very cheap for the performance they give. Unfortunately they require a Meta account and one can assume as much data as legally possibly is sent back to the advertising company.

For years now, since the Quest 1, those Android devices have not been rooted except for some specific version number of the Quest 2.

This recent work https://github.com/FreeXR/eureka_panther-adreno-gpu-exploit-1 makes the latest headset with a rather recent update (but NOT the very last ones, so be cautious!) rootable.

GitHub - FreeXR/eureka_panther-adreno-gpu-exploit-1: Our first exploit: a memory corruption vulnerability in the Adreno GPU driver for Eureka/Panther (3/3s) devices, enabling arbitrary kernel memory read/write and privilege escalation.

Our first exploit: a memory corruption vulnerability in the Adreno GPU driver for Eureka/Panther (3/3s) devices, enabling arbitrary kernel memory read/write and privilege escalation. - FreeXR/eureka_panther-adreno-gpu-exploit-1

GitHub (github.com)
N This user is from outside of this forum
N This user is from outside of this forum
not_rick@lemmy.world

schrieb zuletzt editiert von

#4

Reading this has me almost considering one. I feel like I still wouldn’t use it enough for it to be worth it.
U D 2 Antworten Letzte Antwort

1
N not_rick@lemmy.world

Reading this has me almost considering one. I feel like I still wouldn’t use it enough for it to be worth it.
U This user is from outside of this forum
U This user is from outside of this forum
utopiah@lemmy.world

schrieb zuletzt editiert von

#5

Well I would ask you to reconsider reconsidering. It's a very neat technical fear, arguably even an important one... but you would be giving money to Meta. So unless you really have to, because you work in the domain, maybe try to recycle a 2nd hand headset for a cheaper price and tinker with it as much as you want? Maybe even contribute to the rooting process by finding ways to remove the Meta account requirement altogether?

TL:DR: nobody needs a XR headset but if you do and you want to get a Meta one, get it 2nd hand.
N G 2 Antworten Letzte Antwort

2
U utopiah@lemmy.world

Well I would ask you to reconsider reconsidering. It's a very neat technical fear, arguably even an important one... but you would be giving money to Meta. So unless you really have to, because you work in the domain, maybe try to recycle a 2nd hand headset for a cheaper price and tinker with it as much as you want? Maybe even contribute to the rooting process by finding ways to remove the Meta account requirement altogether?

TL:DR: nobody needs a XR headset but if you do and you want to get a Meta one, get it 2nd hand.
N This user is from outside of this forum
N This user is from outside of this forum
not_rick@lemmy.world

schrieb zuletzt editiert von

#6

Yeah I’d find a used one for sure. Can’t stand Meta
1 Antwort Letzte Antwort

3
N not_rick@lemmy.world

Reading this has me almost considering one. I feel like I still wouldn’t use it enough for it to be worth it.
D This user is from outside of this forum
D This user is from outside of this forum
darkcloud@lemmy.world

schrieb zuletzt editiert von

#7

I have a Quest 1 which I still use everyday because it gives me a set exercise regime. Sideloaded a bunch of free indie titles that get me moving and it's worth it.

That seems to be a huge factor in terms of continued usage: Do you use it for regular exercise. Most people who stick with VR seem to get some exercise related quality of life out of the technology.
N 1 Antwort Letzte Antwort

1
D darkcloud@lemmy.world

I have a Quest 1 which I still use everyday because it gives me a set exercise regime. Sideloaded a bunch of free indie titles that get me moving and it's worth it.

That seems to be a huge factor in terms of continued usage: Do you use it for regular exercise. Most people who stick with VR seem to get some exercise related quality of life out of the technology.
N This user is from outside of this forum
N This user is from outside of this forum
not_rick@lemmy.world

schrieb zuletzt editiert von

#8

I played super hot on my friend’s quest 2, that was definitely a workout
1 Antwort Letzte Antwort

2
U utopiah@lemmy.world

Meta XR headsets are very cheap for the performance they give. Unfortunately they require a Meta account and one can assume as much data as legally possibly is sent back to the advertising company.

For years now, since the Quest 1, those Android devices have not been rooted except for some specific version number of the Quest 2.

This recent work https://github.com/FreeXR/eureka_panther-adreno-gpu-exploit-1 makes the latest headset with a rather recent update (but NOT the very last ones, so be cautious!) rootable.

GitHub - FreeXR/eureka_panther-adreno-gpu-exploit-1: Our first exploit: a memory corruption vulnerability in the Adreno GPU driver for Eureka/Panther (3/3s) devices, enabling arbitrary kernel memory read/write and privilege escalation.

Our first exploit: a memory corruption vulnerability in the Adreno GPU driver for Eureka/Panther (3/3s) devices, enabling arbitrary kernel memory read/write and privilege escalation. - FreeXR/eureka_panther-adreno-gpu-exploit-1

GitHub (github.com)
K This user is from outside of this forum
K This user is from outside of this forum
kolanaki@pawb.social

schrieb zuletzt editiert von kolanaki@pawb.social

#9

Yesssssss!

Using root on META Quest 3/3S is very dangerous SINGLE CHANGE IN THE BOOTLOADER PARTITION WILL RESULT IN A HARD BRICK AND MAKE YOUR DEVICE UNUSABLE!!! requiring one to unsolder the UFS chip and reprogramming it with external (and expensive) hardware. Reflashing the device via EDL is impossible due to Meta refusing to provide the users the cryptographical keys needed to authentificate secure boot on QFPROM implemetation.

Ehhhhh.... Maybe I'll wait a bit...
L U 2 Antworten Letzte Antwort

5
U utopiah@lemmy.world

Meta XR headsets are very cheap for the performance they give. Unfortunately they require a Meta account and one can assume as much data as legally possibly is sent back to the advertising company.

For years now, since the Quest 1, those Android devices have not been rooted except for some specific version number of the Quest 2.

This recent work https://github.com/FreeXR/eureka_panther-adreno-gpu-exploit-1 makes the latest headset with a rather recent update (but NOT the very last ones, so be cautious!) rootable.

GitHub - FreeXR/eureka_panther-adreno-gpu-exploit-1: Our first exploit: a memory corruption vulnerability in the Adreno GPU driver for Eureka/Panther (3/3s) devices, enabling arbitrary kernel memory read/write and privilege escalation.

Our first exploit: a memory corruption vulnerability in the Adreno GPU driver for Eureka/Panther (3/3s) devices, enabling arbitrary kernel memory read/write and privilege escalation. - FreeXR/eureka_panther-adreno-gpu-exploit-1

GitHub (github.com)
T This user is from outside of this forum
T This user is from outside of this forum
tabular@lemmy.world

schrieb zuletzt editiert von

#10

Waiting on a software freedom-respecting headset.
U 1 Antwort Letzte Antwort

3
U utopiah@lemmy.world

Well I would ask you to reconsider reconsidering. It's a very neat technical fear, arguably even an important one... but you would be giving money to Meta. So unless you really have to, because you work in the domain, maybe try to recycle a 2nd hand headset for a cheaper price and tinker with it as much as you want? Maybe even contribute to the rooting process by finding ways to remove the Meta account requirement altogether?

TL:DR: nobody needs a XR headset but if you do and you want to get a Meta one, get it 2nd hand.
G This user is from outside of this forum
G This user is from outside of this forum
greyeyedghost@lemmy.ca

schrieb zuletzt editiert von

#11

I'm kind of curious. Is the Quest 3 actually profitable, or is it a loss leader? If it's the latter, I'd be even more inclined to take their product and have them lose money in the process.
S U 2 Antworten Letzte Antwort

0
G greyeyedghost@lemmy.ca

I'm kind of curious. Is the Quest 3 actually profitable, or is it a loss leader? If it's the latter, I'd be even more inclined to take their product and have them lose money in the process.
S This user is from outside of this forum
S This user is from outside of this forum
sheogorath@lemmy.world

schrieb zuletzt editiert von

#12

High probability of it being a loss leader with its specs. So if you were to buy and root it they'll definitely lose money.

However, the bootloader unlock process is still quite dangerous so you might end up with an expensive paper weight.
G 1 Antwort Letzte Antwort

0
S sheogorath@lemmy.world

High probability of it being a loss leader with its specs. So if you were to buy and root it they'll definitely lose money.

However, the bootloader unlock process is still quite dangerous so you might end up with an expensive paper weight.
G This user is from outside of this forum
G This user is from outside of this forum
greyeyedghost@lemmy.ca

schrieb zuletzt editiert von

#13

Yeah, i saw that note later. I can wait.
1 Antwort Letzte Antwort

0
K kolanaki@pawb.social

Yesssssss!

Using root on META Quest 3/3S is very dangerous SINGLE CHANGE IN THE BOOTLOADER PARTITION WILL RESULT IN A HARD BRICK AND MAKE YOUR DEVICE UNUSABLE!!! requiring one to unsolder the UFS chip and reprogramming it with external (and expensive) hardware. Reflashing the device via EDL is impossible due to Meta refusing to provide the users the cryptographical keys needed to authentificate secure boot on QFPROM implemetation.

Ehhhhh.... Maybe I'll wait a bit...
L This user is from outside of this forum
L This user is from outside of this forum
ledgedrop@lemmy.zip

schrieb zuletzt editiert von

#14

Actually, those steps are the ones necessary to recover from a hard brick (re: the device is unusable because you did something you shouldn't have as root).

The actual process to root the device is simply running a few adb commands (so a prereq is having Developer Mode enabled).

Once you have ran the exploit, your root escalation is temporary until the device is rebooted or you take additional steps to persists your root privileges (thus, potentially leading you towards a hard brick).

source: The docs
K 1 Antwort Letzte Antwort

1
U utopiah@lemmy.world

Meta XR headsets are very cheap for the performance they give. Unfortunately they require a Meta account and one can assume as much data as legally possibly is sent back to the advertising company.

For years now, since the Quest 1, those Android devices have not been rooted except for some specific version number of the Quest 2.

This recent work https://github.com/FreeXR/eureka_panther-adreno-gpu-exploit-1 makes the latest headset with a rather recent update (but NOT the very last ones, so be cautious!) rootable.

GitHub - FreeXR/eureka_panther-adreno-gpu-exploit-1: Our first exploit: a memory corruption vulnerability in the Adreno GPU driver for Eureka/Panther (3/3s) devices, enabling arbitrary kernel memory read/write and privilege escalation.

Our first exploit: a memory corruption vulnerability in the Adreno GPU driver for Eureka/Panther (3/3s) devices, enabling arbitrary kernel memory read/write and privilege escalation. - FreeXR/eureka_panther-adreno-gpu-exploit-1

GitHub (github.com)
L This user is from outside of this forum
L This user is from outside of this forum
ledgedrop@lemmy.zip

schrieb zuletzt editiert von

#15

... makes the latest headset with a rather recent update (but NOT the very last ones, so be cautious!) rootable.

Any ideas which version(s) are susceptible? I couldn't find it mentioned.
U 1 Antwort Letzte Antwort

0
L ledgedrop@lemmy.zip

... makes the latest headset with a rather recent update (but NOT the very last ones, so be cautious!) rootable.

Any ideas which version(s) are susceptible? I couldn't find it mentioned.
U This user is from outside of this forum
U This user is from outside of this forum
utopiah@lemmy.world

schrieb zuletzt editiert von

#16
- Quest 3: v79 5115411.12900.520 (August 7, 2025) and below, to about version v71.
- Quest 3S: v79 117688.9900.610 (August 6, 2025) and below, to about version v71.
according to https://github.com/zhuowei/cheese/tree/main?tab=readme-ov-file#supported-versions
1 Antwort Letzte Antwort

0
T tabular@lemmy.world

Waiting on a software freedom-respecting headset.
U This user is from outside of this forum
U This user is from outside of this forum
utopiah@lemmy.world

schrieb zuletzt editiert von

#17
Recommendations
- Valve Index but it's not standalone. It's "just" a headset so what you do with it is up to you, no need to register anything with Valve, nor have Steam (even though SteamVR is convenient) and works on Linux. With Proton even the latest indie VR games work. IMHO also Half-life: Alyx is in itself worth it.
- Lynx-XR1 that can already be rooted https://lynx.miraheze.org/wiki/Rooting_Process (which I did few months ago) but arguably their customization of Android isn't as convenient as what Meta did. For tinkerers though and if you can actually get one, it's great. Also no account required.
There are others, e.g. https://simulavr.com/ which is standalone and Linux proper (not Android), but I haven't tried so I can't vouch for them.
1 Antwort Letzte Antwort

1
G greyeyedghost@lemmy.ca

I'm kind of curious. Is the Quest 3 actually profitable, or is it a loss leader? If it's the latter, I'd be even more inclined to take their product and have them lose money in the process.
U This user is from outside of this forum
U This user is from outside of this forum
utopiah@lemmy.world

schrieb zuletzt editiert von

#18

Good point, based on how much Meta spends on their XR department I wouldn't be shocked if the hardware itself is also losing money and used as a kind of innovation-washing marketing strategy. That said I'd still recommend buying 2nd hand so that it's cheaper and doesn't register on their book as a sale. Also no purchase information shared with Meta.
1 Antwort Letzte Antwort

0
K kolanaki@pawb.social

Yesssssss!

Using root on META Quest 3/3S is very dangerous SINGLE CHANGE IN THE BOOTLOADER PARTITION WILL RESULT IN A HARD BRICK AND MAKE YOUR DEVICE UNUSABLE!!! requiring one to unsolder the UFS chip and reprogramming it with external (and expensive) hardware. Reflashing the device via EDL is impossible due to Meta refusing to provide the users the cryptographical keys needed to authentificate secure boot on QFPROM implemetation.

Ehhhhh.... Maybe I'll wait a bit...
U This user is from outside of this forum
U This user is from outside of this forum
utopiah@lemmy.world

schrieb zuletzt editiert von

#19

It is indeed a risk AND you must pin your current OS version, so no new update including no new feature (not sure which one one would need for now though) but more importantly no security updates.

That being said... if you do not actively try to mess it up, i.e. doing precisely what has been warned against NOT doing, it should be safe.

In doubt, if you can't afford another headset, have no actual need for rooting and have never done that before, definitely safer to wait.
1 Antwort Letzte Antwort

0
L ledgedrop@lemmy.zip

Actually, those steps are the ones necessary to recover from a hard brick (re: the device is unusable because you did something you shouldn't have as root).

The actual process to root the device is simply running a few adb commands (so a prereq is having Developer Mode enabled).

Once you have ran the exploit, your root escalation is temporary until the device is rebooted or you take additional steps to persists your root privileges (thus, potentially leading you towards a hard brick).

source: The docs
K This user is from outside of this forum
K This user is from outside of this forum
kolanaki@pawb.social

schrieb zuletzt editiert von

#20

Actually, those steps are the ones necessary to recover from a hard brick (re: the device is unusable because you did something you shouldn't have as root).

I get that; the whole reason I want to root it is to FAFO tho. So I'll wait until the worst I could do is need to factory reset it. lol
1 Antwort Letzte Antwort

0

Anmelden zum Antworten

R

Pentagon to start using Grok as part of a $200 million contract with Elon Musk's xAI
Beobachtet Ignoriert Geplant Angeheftet Gesperrt Verschoben Technology technology
114

1

574 Stimmen

114 Beiträge

3k Aufrufe

T

a toddler giving another toddler some milk.
D

OpenAI wins $200m contract with US military for ‘warfighting’
Beobachtet Ignoriert Geplant Angeheftet Gesperrt Verschoben Technology technology
42

1

282 Stimmen

42 Beiträge

381 Aufrufe

G

[image: 8aff8b12-7ed7-4df5-b40d-9d9d14708dbf.gif]
B

Help Mikayla Raines get justice! Make noise and let the press know about Reddit safegaurding r/saveafoxsnark even after a poor innocent women commited suicide!
Beobachtet Ignoriert Geplant Angeheftet Gesperrt Verschoben Technology technology
1

2

6 Stimmen

1 Beiträge

19 Aufrufe

Niemand hat geantwortet
T

Microsoft’s new genAI model to power agents in Windows 11
Beobachtet Ignoriert Geplant Angeheftet Gesperrt Verschoben Technology technology
12

1

30 Stimmen

12 Beiträge

112 Aufrufe

U

which one would sell more I mean they would charge a lot of money for the stripped down one because it doesn't allow them to monetize it on the back end, and the vast majority would continue using the resource-slurping ad-riddled one.
F

Resurrecting a dead torrent tracker and finding 3 million peers
Beobachtet Ignoriert Geplant Angeheftet Gesperrt Verschoben Technology technology
59

321 Stimmen

59 Beiträge

616 Aufrufe

I

Yeah i suppose any form of payment that you have to keep secret for some reason is a reason to use crypto, though I struggle to imagine needing that if you're not doing something dodgy imagine you’re a YouTuber and want to accept donations: that will force you to give out your name to them, which they could use to get your address and phone number. There’s always someone that hates you, and I rather not have them knowing my personal info Wat. Crypto is not good at solving that, it's in fact much much worse than traditional payment methods. There's a reason scammers always want to be paid in crypto if you’re the seller then it’s a lot better. With the traditional banking system, with enough knowledge you can cheat both sides: stolen cards, abusive chargebacks, bank accounts in other countries under fake name/fake ID… Crypto simplifies scamming when the seller, and pretty much makes it impossible for buyers What specifically are you boycotting? Card payments, international tranfers, national transfers taking days to complete, money being seizable at all times many banks lose money on them Their plans are basically all focused on the card you get. Pretty sure they make money with it, else many wouldn’t offer cash back (selling infos and getting a fee from card payments?) if you think the people that benefit from you using crypto (crypto exchange owners and billionaires that own crypto etc.) are less evil than goverment regulated banks, you're deluded. Banks are evil anyways, does it really change anything? The difference is that it technically helps everyone using crypto, not only the rich. Plus P2P exchanges are a thing You'll spend more money using crypto for that, not less That’s just factually false. Do you know the price of a swift transfer? Now compare it to crypto tx fees, with many being under $0.01
T

GitHub is Leaking Trump’s Plans to 'Accelerate' AI Across Government
Beobachtet Ignoriert Geplant Angeheftet Gesperrt Verschoben Technology technology
15

1

281 Stimmen

15 Beiträge

152 Aufrufe

F

Magats wanted people with their same mental capacity to run things and oh look, it’s lots of incompetence
N

Ai Code Commits
Beobachtet Ignoriert Geplant Angeheftet Gesperrt Verschoben Technology technology
37

1

164 Stimmen

37 Beiträge

520 Aufrufe

M

From what I know, those agents can be absolutely fantastic as long as they run under strict guidance of a senior developer who really knows how to use them. Fully autonomous agents sound like a terrible idea.
P

Mozilla is shutting down Pocket, their read-it-later and content discovery app, and Fakespot, their browser extension that analyzes the authenticity of online product reviews.
Beobachtet Ignoriert Geplant Angeheftet Gesperrt Verschoben Technology technology
12

1

4 Stimmen

12 Beiträge

128 Aufrufe

G

Yeah, I don’t know how they’re doing it. They’re using some “zero trust” system. It’s beyond me.