Open Jim52330 opened 5 months ago
What's the output of getprop ro.vendor.build.fingerprint? You probably need to flash a former OTA version and adjust the offsets a bit, e.g. UP1A.231105.003 or UP1A.231005.007.
Edit: The Pixel 6 comes with a different Mali GPU than the Pixel 7 and 7a, THUS WON'T WORK ON THE PIXEL 6. The driver shipped with the Pixel 6 simply doesn't provide the ioctl command that is needed for the kernel address leak. That's also why you will get "Operation not permitted" when doing ioctl(KBASE_IOCTL_TLSTREAM_ACQUIRE).
My pixel6.offset is google/oriole/oriole:14/UP1A.231105.003/11010452:user/release-keys
There are multiple reasons why this is not working, but I need more debug logs. Check out the bio on my GitHub account and add me on Discord.
The ioctl commands have been changed and need to be adjusted as well.
For Pixel 7 Pro, cheetah:14/UP1A.231105.003 is working, but cheetah:14/UP1A.231005.007/10754064 is not working. The original author has many bugs...
OK. I will add you later. Many thanks.
Hello, I am very sorry to bother you. I would like to know how this vulnerability can be replicated on Pixel 7 in the UQ1A.240105.004.A1 version. I have tried many times and have received the following prompt. I hope you can answer this for me. Thank you very much!
[+] Target device: 'google/partner/partner:14/UQ1A.240105.004.A1/11206926:user/release-keys'
0xd10203ffd503233f 0xa9027bfdf800865e
ioctl(KBASE_IOCTL_TLSTREAM_ACQUIRE): Operation not permitted
poc.cpp:743: int mali_exploit(): assertion "1 == 0 && "Unable to have tlstream fd"" failed
Aborted
@KK825 It won't work with your version. The buffer underflow vulnerability is fixed on your device. You need to downgrade your phone to make it work.
Thank you, sir. Thank you very much for taking the time to reply to my question. May I add your Discord account? Because I have other questions that I would like to consult with you. Thank you!
Does it work on Pixel 6 now? Mine is AP2A.240605.024. I'm interested in it too. Thanks
I tested it on Pixel 6. Errors such as:
ioctl(KBASE_IOCTL_VERSION_CHECK): Operation not permitted
ioctl(KBASE_IOCTL_SET_FLAGS): Operation not permitted
ioctl(KBASE_IOCTL_TLSTREAM_ACQUIRE): Operation not permitted
poc.cpp:734: int mali_exploit(): assertion "1 == 0 && "Unable to have tlstream fd"" failed
Aborted