Samsung_S7/source/exploit
Jonathan Herrewijnen da14253312 Cleaning up code
2024-12-10 19:47:56 +01:00
__pycache__ belated commit (needs cleaning) 2024-12-10 18:58:47 +01:00
.vscode patching introduced bugs 2024-12-09 10:51:36 +01:00
configs belated commit (needs cleaning) 2024-12-10 18:58:47 +01:00
debugger updated docs 2024-08-12 16:57:40 +02:00
stage1 Updating readme and adding some necessary binaries to run the exploit 2024-08-20 16:31:49 +02:00
.gitignore bl1 authenticated and jumped to 2024-08-09 22:22:16 +02:00
exploit.py Cleaning up code 2024-12-10 19:47:56 +01:00
exynos8890.dtsi send/receive working 2024-08-02 15:51:35 +02:00
exynos8895-reference.dtsi small docs update 2024-08-03 15:38:10 +02:00
exynos_poc.py Cleaning up code 2024-12-10 19:47:56 +01:00
exynos.py patching introduced bugs 2024-12-09 10:51:36 +01:00
ghidra.py added normal boot mode 2024-08-16 10:11:18 +02:00
Readme.md stage1 and debugger working 2024-08-05 14:51:04 +02:00
requirements.txt belated commit (needs cleaning) 2024-12-10 18:58:47 +01:00
ttbr0_el3.pkl modifies pointers to also debug boot MIB3 2024-11-05 17:30:09 +01:00

Exploit

Python implementation of Frederick's exploit. This gives a bit more insight into the bug.

Debugger

The debugger is used for chain-loading the next stages. See the documentation folder for more docs.

Usage

Navigate to stage1 and build it:

export ANDROID_NDK_ROOT=$TOOLCHAINENV/android-ndk-r21_Linux
make

This will build stage1.

python3 exploit.py