CVSSv3: 8.8

CVE-2020-0022

Published: 13/02/2020 Updated: 02/02/2024
CVSS v2 Base Score: 8.3 | Impact Score: 10 | Exploitability Score: 6.5
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 742
CVSS v2 Vector: AV:A/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

In reassemble_and_dispatch of packet_fragmenter.cc, there is a possible out-of-bounds write due to an incorrect bounds calculation. This could lead to remote code execution over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.

Product: Android
Versions: Android-8.0, Android-8.1, Android-9, Android-10
Android ID: A-143894715

Vulnerable Products

google android 8.0

google android 8.1

google android 9.0

google android 10.0

huawei mate_20_firmware

huawei mate_20_pro_firmware

huawei mate_20_x_firmware

huawei p_smart_firmware

huawei p_smart_2019_firmware

huawei p20_firmware

huawei p20_pro_firmware

huawei p30_firmware

huawei p30_pro_firmware

huawei y6_2019_firmware

huawei y6_pro_2019_firmware

huawei y9_2019_firmware

huawei nova_3_firmware

huawei nova_lite_3_firmware

huawei honor_8a_firmware

huawei honor_8x_firmware

huawei honor_view_20_firmware

huawei mate_30_pro_firmware

huawei mate_30_firmware

huawei mate_30_pro_5g_firmware

huawei mate_30_5g_firmware

Vendor Advisories

There is an integer overflow vulnerability in Android that affects several Huawei smartphones. There is a possible out-of-bounds write due to an incorrect bounds calculation. This could lead to remote code execution over Bluetooth with no additional execution privileges needed. (Vulnerability ID: HWPSIRT-2020-02120) This vulnerability has been assigned a ...

Exploits

Android suffers from a bluetooth remote denial of service vulnerability ...

Mailing Lists

Full Disclosure mailing list archives: Critical Bluetooth Vulnerability in Android (CVE-2020-0022) – BlueFrag ...

Github Repositories

poc for cve-2020-0022

cve-2020-0022: poc for cve-2020-0022. Usage: gcc poc.c -lbluetooth -o poc; ./poc MAC_ADDR. Info: This poc should be stable on Android 8.1.0; once it runs into a truncating packet, it crashes. But it could be very unstable; on Samsung S9 Plus it is surely unstable. Running the poc on Raspberry Pi 3B has been tested OK; run Ubuntu/Arch with VMware in Windows 10 on ThinkPad X1C 2018, or Ubuntu with PD on Mac.

Details of CVE-2020-14292

CVE-2020-14292: A Bluetooth transport issue in COVIDSafe App. Author: Alwen Tiu, The Australian National University. Last updated: 2020-09-08. Summary: In the COVIDSafe application through 1.0.21 for Android, unsafe use of the Bluetooth transport option in the GATT connection allows attackers to trick the application into establishing a connection over Bluetooth BR/EDR transport, w

CVE-2020-0022 vulnerability exploitation on Bouygues BBox Miami (Android TV 8.0 - ARM32 Cortex A9)

CVE-2020-0022 vulnerability exploitation on Bouygues BBox Miami (Android TV 8.0 - ARM32 Cortex A9). By Polo35 - 2020/08/24. "Usage: python polo_exploit.py target_bt_mac [target_adb_ip, shell_command, d

This is an RCE Bluetooth vulnerability on Android 8.0 and 9.0

Bluefrag_CVE-2020-0022: This is an RCE Bluetooth vulnerability on Android 8.0 and 9.0. The test Python scripts in the folder cve-2020-0022 are from insinuator.net/2020/04/cve-2020-0022-an-android-8-0-9-0-bluetooth-zero-click-rce-bluefrag/. The original download hyperlink is insinuator.net/wp-content/uploads/2020/04/cve_2020_0022_exporttar-1gz. Other crash script r

AndroidBlueFragCVE: CVE-2020-0022 Android Bluetooth Zero Click RCE / BlueFrag. kasra abdollahi: 97106121, mohammad heydari: 97110071

Some things related to cve-2020-0022

cve-2020-0022: Some things related to cve-2020-0022

BlueFrag experiments

CVE-2020-0022: Seems like Android 9-6 have a similar Bluetooth subsystem; Android 5 and 4 are different. Android 9.0 BlueFrag experiments. Patch: android.googlesource.com/platform/system/bt/+/3cb7149d8fed2d7d77ceaa95bf845224c4db3baf. Below I hit the patched condition. OK, I think I got it, but somehow I cannot crash the process, hmmmm. Actually, managed to get signed length

A fully public exploit of the CVE-2020-0022 BlueFrag Android RCE Vulnerability (tested on Pixel 3 XL)

CVE-2020-0022: Many thanks to Insinuator for their amazing blog post and code! Results: All the steps mentioned in the Insinuator post have been completed, and more. These are a lot of steps to put in a README.md file, so feel free to check out the post from Insinuator mentioned above. The exploit is fully complete up to the point where: The address attacker-controlled sufficien

Broadcom and Cypress firmware emulation for fuzzing and further full-stack debugging

Frankenstein provides a virtual environment to fuzz wireless firmwares. Firmwares can be hooked during runtime to extract their current state (i.e., xmitstate through InternalBlue). Then, they can be re-executed in a virtual environment for fuzzing. To do so, the firmware image needs to be reassembled to an ELF file that can be executed with QEMU. The firmware image reassembly

Recent Articles

Android owners – you'll want to get these latest security patches, especially for this nasty Bluetooth hijack flaw
The Register • Shaun Nichols in San Francisco • 07 Feb 2020

'Pwned with a broadcast' bug among 25 to be patched by Google

Google has posted the February security updates for Android, including for a potentially serious remote code execution flaw in Bluetooth. Designated CVE-2020-0022, the flaw was discovered and reported by researchers with German company ERNW who say a fix has been in the works since November. "On Android 8.0 to 9.0, a remote attacker within proximity can silently execute arbitrary code with the privileges of the Bluetooth daemon as long as Bluetooth is enabled," the team explained. "No user inter...