timwr / cve-2014-3153 Goto Github PK

Building on Mac OS X Darwin 16.5.0 with NDK-r13b.

$ make run
ndk-build NDK_PROJECT_PATH=. APP_BUILD_SCRIPT=./Android.mk APP_ABI=armeabi
[armeabi] Install        : debugexploit => libs/armeabi/debugexploit
[armeabi] Install        : libexploit.so => libs/armeabi/libexploit.so
adb push libs/armeabi/debugexploit /data/local/tmp/futex
libs/armeabi/debugexploit: 1 file pushed. 2.6 MB/s (42508 bytes in 0.016s)
adb shell "/data/local/tmp/futex 0 2 0 0"
error: only position independent executables (PIE) are supported.

Target device is LG Nexus 4, Android 5.1.1, Kernel version 3.4.0-perf-gdffc258 (8 Jul 2015), Build version LMY48T

When I try to make the code (using make test), I get these errors:

[arm64-v8a] Compile        : newroot <= newroot.c
./newroot.c:90:8: error: redefinition of 'mmsghdr'
struct mmsghdr {
       ^
/root/android-ndk/platforms/android-21/arch-arm64/usr/include/sys/socket.h:99:8: note: 
      previous definition is here
struct mmsghdr {
   
    ^

./newroot.c:360:14: error: assigning to 'sigset_t' from incompatible type 'int'
        act.sa_mask = 0;

Does anyone have solutions?

i can't run with 4.2.2:
i was build bu your code and still:

shell@Coolpad8297W:/data/local/tmp $ ./toor id
./toor id
running with pid 7272
i have a client like hookers.

Hi,

Thank you for you code.

I tested it on my two devices, LG G2(4.2.2) and Samsung Galaxy S4 LTE-A (4.4.2, SHV-E330S)
I got root on LG G2. but, Galaxy S4 was rebooted without rooting.(Galaxy S4 can be rooted via towelroot V3)

Device was rebooted after this line...

running with pid 4514
i have a client like hookers.
starting the dangerous things
0xdb99a000 is a good number

cpid1 resumed <-- After this line!!

I think the error is occurred around this line

[newroot.c] line 709,

wake_actionthread(12);

I'm not sure what is the cause of the error exactly, may be kernel write? or searching another good number.

I try to fix the problem, could you help me? or let me know the problem.

hi:
timwr,i met an error by compiling this code .
arm-linux-androideabi-gcc: error: unrecognized command line option '-mno-thumb'
is my ndk version incorrect?

I always get this error, no matter the modstring given to futex.

When I checked the code, it seems the config is not passed to the exploit. Here in the "main.c":

if (argc > 4) {
		config_new_samsung = atoi(argv[1]);
		config_iovstack = atoi(argv[2]);
		config_offset = atoi(argv[3]);
		config_force_remove = atoi(argv[4]);
	}

	init_exploit();

the arguments are received and set into variables. But these won't pass to init_exploit(), so when int retval = waiter_exploit(); is called, waiter_exploit() doesn't have any config_buf (other than default) and thus, returns with error code 1.

there are many hardcode data structures specific for ARM architecture.

i can't root use the newroot.c