timwr / cve-2014-3153
CVE-2014-3153 aka towelroot
Building on Mac OS X Darwin 16.5.0 with NDK-r13b.
$ make run
ndk-build NDK_PROJECT_PATH=. APP_BUILD_SCRIPT=./Android.mk APP_ABI=armeabi
[armeabi] Install : debugexploit => libs/armeabi/debugexploit
[armeabi] Install : libexploit.so => libs/armeabi/libexploit.so
adb push libs/armeabi/debugexploit /data/local/tmp/futex
libs/armeabi/debugexploit: 1 file pushed. 2.6 MB/s (42508 bytes in 0.016s)
adb shell "/data/local/tmp/futex 0 2 0 0"
error: only position independent executables (PIE) are supported.
Target device is LG Nexus 4, Android 5.1.1, Kernel version 3.4.0-perf-gdffc258 (8 Jul 2015), Build version LMY48T
When I try to make the code (using make test), I get these errors:
[arm64-v8a] Compile : newroot <= newroot.c
./newroot.c:90:8: error: redefinition of 'mmsghdr'
struct mmsghdr {
^
/root/android-ndk/platforms/android-21/arch-arm64/usr/include/sys/socket.h:99:8: note:
previous definition is here
struct mmsghdr {
^
./newroot.c:360:14: error: assigning to 'sigset_t' from incompatible type 'int'
act.sa_mask = 0;
Does anyone have solutions?
Hi,
Thank you for your code.
I tested it on my two devices, an LG G2 (4.2.2) and a Samsung Galaxy S4 LTE-A (4.4.2, SHV-E330S).
I got root on the LG G2, but the Galaxy S4 was rebooted without rooting. (The Galaxy S4 can be rooted via towelroot V3.)
The device was rebooted after this line...
running with pid 4514
i have a client like hookers.
starting the dangerous things
0xdb99a000 is a good number
I think the error occurred around this line:
[newroot.c] line 709,
wake_actionthread(12);
I'm not sure what the cause of the error is exactly; maybe the kernel write, or searching for another good number?
I am trying to fix the problem. Could you help me, or let me know what the problem is?
Hi,
timwr, I met an error compiling this code:
arm-linux-androideabi-gcc: error: unrecognized command line option '-mno-thumb'
Is my NDK version incorrect?
I always get this error, no matter the modstring given to futex.
When I checked the code, it seems the config is not passed to the exploit. Here in the "main.c":
if (argc > 4) {
config_new_samsung = atoi(argv[1]);
config_iovstack = atoi(argv[2]);
config_offset = atoi(argv[3]);
config_force_remove = atoi(argv[4]);
}
init_exploit();
The arguments are received and set into variables, but these aren't passed to init_exploit(), so when int retval = waiter_exploit(); is called, waiter_exploit() doesn't have any config_buf (other than the default) and thus returns with error code 1.
There are many hardcoded data structures specific to the ARM architecture.