Closed ath-inactive-account closed 3 years ago
This vulnerability necessitates the use of a ROP chain to run attacker-specified code. Have a look at https://github.com/JonathanSalwan/ROPgadget for this. Pwntools also includes ROPgadget functionality and ships with some arm and thumb shellcodes.
For debugging com.android.bluetooth, gdb and gdbserver can be used.
Thank you very much sir :D
Are you planning on releasing an example code for a ROP chain? I can't figure out how to do this.
Hey ojasookert, great job! This code is way easier to understand than marsyy's code in C. I want to do some extensive research on this; do you know where I can find some shellcodes for arm or arm64? shell-storm.org is full of execve shellcodes and I'm looking for one that creates a file, or something else that we can check (I can't debug com.android.bluetooth).