CVSSv3: 7.8

CVE-2019-2215

Published: 11/10/2019 Updated: 18/10/2019
CVSS v2 Base Score: 4.6 | Impact Score: 6.4 | Exploitability Score: 3.9
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 479
Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

USN-4186-1 fixed vulnerabilities in the Linux kernel. It was discovered that the kernel fix for CVE-2019-0155 (i915 missing Blitter Command Streamer check) was incomplete on 64-bit Intel x86 systems. This update addresses the issue.

Vulnerable Product

google android -

Vendor Advisories

Several security issues were fixed in the Linux kernel ...
There is a use-after-free vulnerability in binder.c of Android kernel. Successful exploitation may cause the attacker to elevate the privilege. (Vulnerability ID: HWPSIRT-2019-10100) This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2019-2215. Huawei has released software updates to fix this vulnerability ...

Exploits

The following issue exists in the android-msm-wahoo-4.4-pie branch of android.googlesource.com/kernel/msm (and possibly others): There is a use-after-free of the wait member in the binder_thread struct in the binder driver at /drivers/android/binder.c. As described in the upstream commit: “binder_poll() passes the thread->wait wait ...
## # This module requires Metasploit: metasploit.com/download # Current source: github.com/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit::Local Rank = ExcellentRanking include Msf::Post::File include Msf::Post::Common include Msf::Exploit::EXE include Msf::Exploit::FileDropper def initialize( ...
These are notes on further exploitation of the Android Binder use-after-free vulnerability as noted in CVE-2019-2215 and leveraged against Kernel 3.4.x and 3.18.x on Samsung Devices using Samsung Android and LineageOS ...
Android Binder use-after-free exploit ...

Github Repositories

Android privilege escalation via an use-after-free in binder.c

CVE-2019-2215 Project Zero bug 1942

CVE-2019-2215 Copy and pasted from: bugs.chromium.org/p/project-zero/issues/detail?id=1942 hernan.de/blog/2019/10/15/tailoring-cve-2019-2215-to-achieve-root/ github.com/grant-h/qu1ckr00t/blob/master/native/poc.c

panopticon-Donot blog.ptsecurity.com/2019/11/studying-donot-team.html blogs.cisco.com/security/talos/donots-firestarter-abuses-google-firebase-cloud-messaging-to-spread www.technadu.com/indian-sikhs-targeted-spyware-android-windows-apps/255604/ www.amnesty.org/en/documents/afr57/4756/2021/en/ therecord.media/apt-groups-from-china-russia-an

repo containing my own pocs / exploits

pocs repo containing my own pocs / exploits cve-2019-2215-exploit.c an exploit for CVE-2019-2215, a use-after-free vulnerability in the Android Binder driver, it achieves arbitrary kernel r/w through pipes then achieves root by overwriting fields in the proc struct and then disables SELinux enforcing by overwriting the selinux_enforcing variable

Triggering and Analyzing Android Kernel Vulnerability CVE-2019-2215

Android Kernel Vulnerability Overview: In November 2017 a use-after-free bug in the Linux kernel was detected by the syzkaller system. In February 2018 this was patched in some Linux kernels and Android versions. This fix was never included in Android monthly security bulletins, so it was not patched in many newly released devices such as Pixel and Pixel2. In September 2019 android was

Merged From Old Account

Device Details for SHARP SH8996 (SHV34/506SH/AQUOS P1) (AL40/PA32/P1X) Basic Spec: CPU 2 x Kryo 2.2GHz + 2 x Kryo-LP 1.6GHz, Chipset Qualcomm Snapdragon 820 (MSM8996), GPU Adreno 530, ROM 32GB, RAM 3GB, Android 6.0.1->7.0->8.0.0, Kernel 3.18.20->3.18.31->3.18.71, Battery 3000mAh, Display 1920x1080 pixels 5.3 inches IGZO, Rear Camera 226

A PoC application demonstrating the power of an Android kernel arbitrary R/W.

qu1ckr00t A PoC application demonstrating the power of an Android kernel arbitrary R/W (CVE-2019-2215). Writeup: hernan.de/blog/2019/10/15/tailoring-cve-2019-2215-to-achieve-root/ Qu1ckR00t is a PROOF OF CONCEPT. It should NOT be used on your personal device with valuable userdata. It has only been tested on a Pixel 2. Running it on any other device / kernel will likely

PoC for old Binder vulnerability (based on P0 exploit)

CVE-2019-2215 PoC for old Binder vulnerability (based on P0 exploit) Description: A use-after-free in binder.c allows an elevation of privilege from an application to the Linux Kernel. No user interaction is required to exploit this vulnerability, however exploitation does require either the installation of a malicious local application or a separate vulnerability in a network f

cve2019-2215-318 cve2019-2215 poc for 3.18 kernel. Based on Maddie Stone's POC from bugs.chromium.org/p/project-zero/issues/detail?id=1942 This is a fork of cve2019-2215-318 originally by arpruss as he/she stopped working on it as mentioned here: forum.xda-developers.com/t/root-with-cve-2019-2215.3979341/post-80694965 *This fork is actually a clone of https:/

Capstone This is my capstone project for Umass CS 590J (Cyber Effects). The task of this capstone project was to create an end to end working cyber effect. My cyber effect leverages Chromium Issue 1710 and CVE-2019-2215 to gain remote code execution on a Google Pixel from a malicious phishing website. I spent most of my time working on the exploit and I spent a little time on t

Exploit for Bad Binder

CVE-2019-2215 Exploit for Bad Binder writeup for this exploit This is strictly for education purpose only

Temproot for Bravia TV via CVE-2019-2215.

CVE-2019-2215 Temproot for Bravia TV via CVE-2019-2215 Overview: Demonstration of a kernel memory R/W-only privilege escalation attack resulting in a temporary root shell. It works on Sony Bravia TV devices running the Android 8 (PKG60724) firmware with kernel version 4.9.51. For this tool to work on other devices and/or kernels affected by the same vulnerability, some offsets

CVE-2019-2215

CVE-2019-2215 CVE-2019-2215 POC for kernel 3.18. Based on Maddie Stone's POC from bugs.chromium.org/p/project-zero/issues/detail?id=1942 How to use: adb push su98 /data/local/tmp adb push su98-memory-kallsyms /data/local/tmp adb shell G8231:/ $ cd /data/local/tmp G8231:/ $ chmod 755 * G8231:/data/local/tmp $ ./su98-memory-kallsyms G8231:/data/local/tmp $ ./su98 -c

Awesome-Android-Vulnerability-Research Resources for Android/IOS vulnerability research All resource credits go to the respectful authors Books Android Hacker's Handbook Android Security Internals Android Security Research Playbook Youtube Videos maddiestone channel Billy Ellis Android Kernel Exploitation | Payatu Workshop Android Kernel Exploitation with Binder Use-

Temproot for Pixel 2 and Pixel 2 XL via CVE-2019-2215

CVE-2019-2215 DISCLAIMER: THE CODE PROVIDED HERE IS FOR EDUCATIONAL AND SHOWCASING PURPOSE ONLY. I DO NOT SUPPORT, NOR TAKE ANY RESPONSIBILITY FOR ANYONE THAT USES THIS CODE (OR THE INFORMATION IN IT, OR ITS BUILD, OR ANYTHING IN THIS REPOSITORY) FOR ILLEGAL OR IMMORAL REASONS. Credits: Based on a proof-of-concept by Jann Horn & Maddie Stone of Google Project Zero. Special

CVE 2019-2215 Android Binder Use After Free

CVE-2019-2215 Source: bugs.chromium.org/p/project-zero/issues/detail?id=1942 bugs.chromium.org/p/project-zero/issues/attachmentText?aid=414885 Samsung S7 and S7 Edge with Kernel 3.18.x vulnerable (see github.com/arpruss/cve2019-2215-318). Samsung S3Neo+ with LineageOS Kernel 3.4.0 possibly vulnerable (still in progress). Kernel 3.4.0 github.com/

Android Ransomware Development - AES256 encryption + CVE-2019-2215 (reverse root shell) + Data Exfiltration

Rootsmart 20 w/ cve-2019-2215 + Ransomware Disclaimer: This project is solely for educational purposes. This project utilises code from rkshrksh/2048-Game and kangtastic/cve-2019-2215. Project Description: This project is part of Singapore Institute of Technology Mobile Security module. The project was done within 6 weeks and the aim of the project was to develop a malicious and

For Sharp Android One S1

SharpS1GetRoot For Sharp Android One S1. But NOT support the version after 00WW_5_180, it'll brick your phone. How To before Android 9 via CVE-2019-2215: Download su98, and use "adb push /data/local/tmp && /data/local/tmp/su98"; backup boot image with "dd"; use magisk application to patch bootimg; use fastboot to flash boot image into boot par

Awesome Netsec Articles This repository is a curated list of cool netsec articles from the last couple of years PRs are welcome Contents analysis android aws azure blue-team code-review cracking crypto embedded exploit google-cloud ios iot linux netpen red-team reversing web wireless Categories Analysis Smominru Botnet Undert the Hoddie 2019 China Chopper Still Active 9 Ye

Temproot for Pixel 2 and Pixel 2 XL via CVE-2019-2215

CVE-2019-2215 Temproot for Pixel 2 and Pixel 2 XL via CVE-2019-2215 (Based on a proof-of-concept by Jann Horn & Maddie Stone of Google Project Zero) Overview: Demonstration of a kernel memory R/W-only privilege escalation attack resulting in a temporary root shell. It works on Google Pixel 2/Pixel 2 XL (walleye/taimen) devices running the September 2019 QP1A.190711.020

A full list of my starred repositories

Awesome Stars A curated list of my GitHub stars! Generated by stargazed 🏠 Contents Arduino (5) Batchfile (1) C (36) C# (8) C++ (53) CSS (5) D (1) Dart (1) EJS (1) Fennel (1) Go (10) HTML (14) Haskell (1) Java (19) JavaScript (52) Julia (1) Jupyter Notebook (5) Kotlin (4) Lua (3) Makefile (3) Nix (1) Objective-C (6) Others (74) PHP (19) Perl (5) PowerShell (7) Python (1

A "Xiaomi Redmi 5A (riva)" debloating list for use within the "hexapterygon"-tool

Intro A "Xiaomi Redmi 5A (riva)" (Excessively tested) debloating list for use within the Hexapterygon-tool (Disclaimer: I am not responsible for google play apps that may not work after :P) 💥 Results Here you can see a brief demonstration of how this device performs right now under a lot of presure ⚙️ Configure Before running hexapterygon make sure you : Disab

A fully public exploit of the CVE-2020-0022 BlueFrag Android RCE Vulnerability (tested on Pixel 3 XL)

CVE-2020-0022 Many thanks to Insinuator for their amazing blog post and code! Results: All the steps mentioned in the insinuator post have been completed, and more. These are a lot of steps to put in a README.md file, so feel free to check out the post from Insinuator mentioned above. The exploit is fully complete up to the point where: The address attacker-controlled sufficien

android-kernel-exploitation-ashfaq-CVE-2019-2215 docker setup for mac users

android-kernel-exploitation-ashfaq-CVE-2019-2215 Docker image provided by user Robert Dan in the workshop android-kernel-exploitation-ashfaq-CVE-2019-2215

Exploit for CVE-2019-2215 (bad binder) for Huawei P20 Lite

Port CVE-2019-2215 (bad binder) to Huawei P20lite (Android 8.0.0) Description: This project is an exploit for CVE-2019-2215 on Huawei P20lite in version Android 8.0.0. Kernel is in version 4.4.23. This vulnerability is probably the most documented one (tutorials, real port on physical phone) on this topic and I have a vulnerable phone so this is a good starting point for learnin

mobile attack vectors and resources

Android Clipboard Data First clipper malware discovered on Google Play SHEIN app clipboard unintended exposure Application Tampering/Patching Agent Smith Device Rooting WyrmSpy and DragonEgg Camero - CVE-2019-2215 AbstractEmu Hooking Predator - hooking using YAHFA framework MITM Predator in The Wires Predator Webviews Vulnerability in TikTok Others Race conditions

Android Kernel Vulnerability (CVE-2019-2215) temporary root PoC

CVE-2019-2215 Android Kernel Vulnerability (CVE-2019-2215) temporary root PoC. It works on Google Pixel 2/Pixel 2 XL (walleye/taimen) devices running the September 2019 QP1A.190711.020 image with kernel version-BuildID 4.4.177-g83bee1dc48e8. Usage: Now, Binary support arm64 only $ git clone github.com/jsirichai/CVE-2019-2215.git $ cd CVE-2019-2215 $ adb push bin/cv

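Preface: Thanks to r0ysue for giving me a phone; the joy of a freebie. The previous post covered how to write a hook framework, but it still depended on root privileges, and on the Android platform Magisk is synonymous with root. So here we go..... Introduction to jailbreaking: The rise of software security. What problems does software security aim to solve: preventing attacks and preventing code leaks. So why do software security problems exist,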

Recent Articles

Here we go again: Software nasties slip into Google Play, exploit make-me-root Android flaw for maximum pwnage
The Register • Shaun Nichols in San Francisco • 07 Jan 2020

Apps spotted abusing use-after-free() bug seven months before patch Google: We caught a Russian state hacker crew uploading badness to the Play Store

At least three malicious apps with device-hijacking exploits have made it onto the Google Play Store in recent weeks. This is according to eggheads at Trend Micro, who found that the since-removed applications were all abusing a use-after-free() flaw in the operating system to elevate their privileges, and pull down and run further malware from a command-and-control server. The malicious apps were Camero, FileCrypt, and callCam, so check if you still have them installed. "The three malicious app...

T-Mobile US hacked, Monero wallet app infected, public info records on 1.2bn people leak from database...
The Register • Shaun Nichols in San Francisco • 23 Nov 2019

...OnePlus also compromised, and much more

Roundup Time for another roundup of all the security news that's fit to print and that we haven't covered yet. T-Mobile US prepaid account holders got unwelcome news this week when their wireless carrier admitted on Friday it was compromised by miscreants who would have been able to ogle more than a million customers' personal information. Exposed details include name, billing address, account number, and mobile plan types. T-Mobile notes that, at least, no bank card info was exposed. "Our cyber...