Comments (4)
So sad, I can't bypass ASLR with that:
C:\adb>adb shell
shell@F01F:/ $ echo 0 > /proc/sys/kernel/randomize_va_space
/system/bin/sh: can't create /proc/sys/kernel/randomize_va_space: Permission denied
1|shell@F01F:/ $
Now I have level 2 (full randomization):
C:\adb>adb shell
shell@F01F:/ $ cat /proc/sys/kernel/randomize_va_space
2
shell@F01F:/ $
I'm also not allowed to create anything in /etc/
because that's read-only file system and no root, of course.
Nevertheless I tried to attach to android_server in IDA. But it doesn't see the phone's processes. I assume it's because I can't do su
.
Any ideas how to overcome this?
BTW thanks for the article on StageFright exploit. It's kinda useful on revealing the details.
from exploit.
That is only a device-depended PoC. You need to change the spray base for your device.
from exploit.
@huntcve
Could you tell me how I can determine this spray address? Is out there some manual or article for that?
Looking at the code I see that you have changed not only spray address (sp_addr
) but ROP pivot (newpc_val
) also. Where did you get those values?
upd:
It seems I've found a very basic step-by-step instruction. Now I have to check things out to see how they're going.
from exploit.
Closing this as no longer actual for me.
from exploit.
Related Issues (2)
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from exploit.