History

Jonathan Herrewijnen fe58a3b869 reads B33		2024-09-16 17:14:14 +02:00
..
.vscode	Now booting into USB recovery. Not yet jumping back to the debugger at each boot stage	2024-08-16 18:15:53 +02:00
debugger	updated docs	2024-08-12 16:57:40 +02:00
stage1	Updating readme and adding some necessary binaries to run the exploit	2024-08-20 16:31:49 +02:00
.gitignore
exploit.py	reads B33	2024-09-16 17:14:14 +02:00
exynos8890.dtsi
exynos8895-reference.dtsi
ghidra.py	added normal boot mode	2024-08-16 10:11:18 +02:00
Readme.md
TTBR0_EL3: 0xbc46508b2f14e0	Cleaning up code and rewriting documentation. Now mostly finalized.	2024-09-10 18:59:32 +02:00

Exploit

Python implementation of Frederick's exploit. This gives a bit more insight in the bug.

Debugger

The debugger is used for chain loading the next stages. See the documentation folder for more docs

Navigate to stage1 and build it:

export ANDROID_NDK_ROOT=$TOOLCHAINENV/android-ndk-r21_Linux
make

This will build stage1

python3 exploit.py