Samsung_S7/source/exploit
2024-12-07 20:58:35 +01:00
..
.vscode boots mib3 after BL33. keeps debugger? 2024-11-12 20:58:34 +01:00
debugger updated docs 2024-08-12 16:57:40 +02:00
stage1 Updating readme and adding some necessary binaries to run the exploit 2024-08-20 16:31:49 +02:00
.gitignore bl1 authenticated and jumped to 2024-08-09 22:22:16 +02:00
exploit.py docs update and boot flow update 2024-12-07 20:58:35 +01:00
exynos8890.dtsi send/receive working 2024-08-02 15:51:35 +02:00
exynos8895-reference.dtsi small docs update 2024-08-03 15:38:10 +02:00
ghidra.py added normal boot mode 2024-08-16 10:11:18 +02:00
Readme.md stage1 and debugger working 2024-08-05 14:51:04 +02:00
ttbr0_el3.pkl modifies pointers to also debug boot MIB3 2024-11-05 17:30:09 +01:00

Exploit

Python implementation of Frederick's exploit. This gives a bit more insight in the bug.

Debugger

The debugger is used for chain loading the next stages. See the documentation folder for more docs

Usage

Navigate to stage1 and build it:

export ANDROID_NDK_ROOT=$TOOLCHAINENV/android-ndk-r21_Linux
make

This will build stage1

python3 exploit.py