Samsung_S7/source/exploit
2024-09-17 20:06:49 +02:00
..
.vscode Now booting into USB recovery. Not yet jumping back to the debugger at each boot stage 2024-08-16 18:15:53 +02:00
debugger updated docs 2024-08-12 16:57:40 +02:00
stage1 Updating readme and adding some necessary binaries to run the exploit 2024-08-20 16:31:49 +02:00
.gitignore bl1 authenticated and jumped to 2024-08-09 22:22:16 +02:00
exploit.py Returns to debugger and allows booting into recovery. Patching BL33 does not work. Should try patching the verification 2024-09-17 20:06:49 +02:00
exynos8890.dtsi send/receive working 2024-08-02 15:51:35 +02:00
exynos8895-reference.dtsi small docs update 2024-08-03 15:38:10 +02:00
ghidra.py added normal boot mode 2024-08-16 10:11:18 +02:00
Readme.md stage1 and debugger working 2024-08-05 14:51:04 +02:00
TTBR0_EL3: 0xbc46508b2f14e0 Cleaning up code and rewriting documentation. Now mostly finalized. 2024-09-10 18:59:32 +02:00

Exploit

Python implementation of Frederick's exploit. This gives a bit more insight in the bug.

Debugger

The debugger is used for chain loading the next stages. See the documentation folder for more docs

Usage

Navigate to stage1 and build it:

export ANDROID_NDK_ROOT=$TOOLCHAINENV/android-ndk-r21_Linux
make

This will build stage1

python3 exploit.py