How long the exploit should take?

[FoxieFlakey]

How long the exploit should take?

It never completes even i leave it 48 hours

~/exploit $ ./exploit
WARNING: linker: /data/data/com.termux/files/home/exploit/poc3: unsupported flags DT_FLAGS_1=0x8000001
spray_pipes: 0x780
spray done... 

its stuck here for very long time(also i ignore the linker warning its will disappear after stripping the binary) htop report the exploit does doing processing (sometime its in interruptible sleep)

compile command: ~/Android/Sdk/ndk/23.1.7779620/toolchains/llvm/prebuilt/linux-x86_64/bin/aarch64-linux-android24-clang exploit.c -o exploit then i transfer the executable to my android phone

uname -a: Linux localhost 3.18.31-perf-g810e576 #1 SMP PREEMPT Mon Aug 10 11:41:32 CST 2020 aarch64 Android

Android 7.1.1 CHP1801

Also its exploit for CVE-2015-1805

[snorez]

Oh,, this poc is very old... I didn't test this on Android. However, you may rewrite the code and check the modprobe_path(This may not be available on Android): grep modprobe_path /proc/kallsyms cat /proc/sys/kernel/modprobe

Line 48

unsigned long target_addr = 0xffffffff81aa40e0;

[FoxieFlakey]

ye not available grep modprobe_path /proc/kallsyms show 0 which is same for every kernel symbols

[FoxieFlakey]

but if it where correct target_addr how long it should take for you

[snorez]

30 seconds, I guess.

[FoxieFlakey]

and access denied for cat /proc/sys/kernel/modprobe