jcadduono / android_external_dirtycow

CVE-2016-5195 (dirtycow/dirtyc0w) - recowvery fork
https://build.nethunter.com/android-tools/dirtycow/

should I download the whole source code to compile this? #10

Open elichai opened 7 years ago

elichai commented 7 years ago

Hi, I'm trying to compile this for the Galaxy S7 (935F), and I'm trying to understand if I need to download the whole Samsung open source for my device via repo somehow. Or did I not understand what you meant, and I just need to feed the dirtycow.xml to repo somehow?

Thank you.

droidvoider commented 7 years ago

This example on this repo is meant to compile on your device. To use his examples on other devices you can compile a couple of different ways. I am not a great teacher. This is complicated stuff maybe; hopefully this is helpful.

I realize this is a late reply but I want to answer this for others.

  1. Method 1 for compiling AOSP sources is to use the AOSP make system. This is actually the entire branch of Android for your phone on a Linux computer, not Windows or Mac; that's a huge time sink, just use Ubuntu.

  2. It is also C programming; there is nothing specialized about it at all. So if you want to open a shared library you can see how timwr did this with dirtycow in his run-as example.

But any time you need to compile something AOSP proper, such as an exploited but still working app_process, you should just use AOSP. Do little tests by opening shared libraries using the dirtycow proof of concept, run-as.c style dlopen.

timwr's exploited run-as.c dlopen section (this is inside a function, like main). It will open the shared library on your phone when you execute it (but you don't need AOSP to compile it):

```c
/* Needs <dlfcn.h>. Picks the 64-bit or 32-bit libselinux path at compile time. */
#ifdef __aarch64__
void * selinux = dlopen("/system/lib64/libselinux.so", RTLD_LAZY);
#else
void * selinux = dlopen("/system/lib/libselinux.so", RTLD_LAZY);
#endif
```