Samsung_S7/source/exploit
Jonathan Herrewijnen d9d9ae332a Cleaning up code and rewriting documentation. Now mostly finalized.
Boots BL2 and returns to debugger. BL2 is not yet patcheable.
2024-09-10 18:59:32 +02:00
..
.vscode Now booting into USB recovery. Not yet jumping back to the debugger at each boot stage 2024-08-16 18:15:53 +02:00
debugger updated docs 2024-08-12 16:57:40 +02:00
stage1 Updating readme and adding some necessary binaries to run the exploit 2024-08-20 16:31:49 +02:00
.gitignore bl1 authenticated and jumped to 2024-08-09 22:22:16 +02:00
exploit.py Cleaning up code and rewriting documentation. Now mostly finalized. 2024-09-10 18:59:32 +02:00
exynos8890.dtsi send/receive working 2024-08-02 15:51:35 +02:00
exynos8895-reference.dtsi small docs update 2024-08-03 15:38:10 +02:00
ghidra.py added normal boot mode 2024-08-16 10:11:18 +02:00
Readme.md stage1 and debugger working 2024-08-05 14:51:04 +02:00
TTBR0_EL3: 0xbc46508b2f14e0 Cleaning up code and rewriting documentation. Now mostly finalized. 2024-09-10 18:59:32 +02:00

Exploit

Python implementation of Frederick's exploit. This gives a bit more insight in the bug.

Debugger

The debugger is used for chain loading the next stages. See the documentation folder for more docs

Usage

Navigate to stage1 and build it:

export ANDROID_NDK_ROOT=$TOOLCHAINENV/android-ndk-r21_Linux
make

This will build stage1

python3 exploit.py