Samsung_S7/source/exploit
Jonathan Herrewijnen 44ebe96d86 adds ghzfile
2024-10-24 19:18:42 +02:00
..
.vscode Now booting into USB recovery. Not yet jumping back to the debugger at each boot stage 2024-08-16 18:15:53 +02:00
debugger updated docs 2024-08-12 16:57:40 +02:00
stage1 Updating readme and adding some necessary binaries to run the exploit 2024-08-20 16:31:49 +02:00
.gitignore bl1 authenticated and jumped to 2024-08-09 22:22:16 +02:00
exploit.py Modify usb_recovery boot to boot normally or in another way 2024-10-24 18:28:39 +02:00
exynos8890.dtsi send/receive working 2024-08-02 15:51:35 +02:00
exynos8895-reference.dtsi small docs update 2024-08-03 15:38:10 +02:00
ghidra.py added normal boot mode 2024-08-16 10:11:18 +02:00
Readme.md stage1 and debugger working 2024-08-05 14:51:04 +02:00
ttbr0_el3.pkl adds ghzfile 2024-10-24 19:18:42 +02:00

Exploit

Python implementation of Frederick's exploit. This gives a bit more insight in the bug.

Debugger

The debugger is used for chain loading the next stages. See the documentation folder for more docs

Usage

Navigate to stage1 and build it:

export ANDROID_NDK_ROOT=$TOOLCHAINENV/android-ndk-r21_Linux
make

This will build stage1

python3 exploit.py