deviato
commented
4 months ago Yes I know, as I wrote in the Readme stage2.bin is compiled from the original PoC from TheOfficialFlow, which only prints the message. You have to replace stage2.bin with your own if you want to run payloads. The compiled stage1 and stage2 bins are in pppw.jar (which is a zip archive in reality). Alternatively you can push them to your sdcard, and then copy through a root adb shell to /data/data/it.deviato.droidppwn/lib following the same naming schema. So for fw 11.00 you have to name it stage2.1100. I cannot test payloads because I'm on 7.02 firmware, which doesn't support loading payloads, because Sistro stage2.c lacks offsets for firmwares <9.00.
sensi554
The "PPPwned" message appeared but the goldhen not loaded