LOAD:FE82CDA8 DCD aTzbsp_pil_init ; "tzbsp_pil_init_image_ns"
LOAD:FE82CDAC DCD 0x3D
LOAD:FE82CDB0 DCD tzbsp_pil_init_image_ns+1
LOAD:FE82CDB4 DCD 2
LOAD:FE82CDB8 DCD 4
LOAD:FE82CDBC DCD 4
LOAD:FE82CDC0 DCD 0x805
LOAD:FE82CDC4 DCD aTzbsp_pil_auth ; "tzbsp_pil_auth_reset_ns"
LOAD:FE82CDC8 DCD 0x3D
[ 0.000000] Linux version 4.5.0-rc2+ (fuzion24@bitbox) (gcc version 6.0.0 20160221 (experimental) (GCC) ) #4 SMP Mon Feb 22 14:12:37 EST 2016
[ 0.000000] Command line: root=/dev/sda
[ 0.000000] x86/fpu: Legacy x87 FPU detected.
[ 0.000000] x86/fpu: Using 'lazy' FPU context switches.
[ 0.000000] e820: BIOS-provided physical RAM map:
[ 0.000000] BIOS-e820: [mem 0x0000000000000000-0x000000000009fbff] usable
[ 0.000000] BIOS-e820: [mem 0x000000000009fc00-0x000000000009ffff] reserved
[ 0.000000] BIOS-e820: [mem 0x00000000000f0000-0x00000000000fffff] reserved
[ 0.000000] BIOS-e820: [mem 0x0000000000100000-0x000000007fffdfff] usable
[ 0.000000] BIOS-e820: [mem 0x000000007fffe000-0x000000007fffffff] reserved
bitbox ➜ aosp find . -type f -name "*.java" -print0 | xargs -0 -r grep -E --files-with-matches --null -- "(public|private) native" | xargs -0 -r grep -E --files-with-matches -- "implements (Serializable|Parcelable)"
./frameworks/ml/bordeaux/learning/stochastic_linear_ranker/java/android/bordeaux/learning/StochasticLinearRanker.java
./frameworks/base/media/java/android/media/MediaPlayer.java
./frameworks/base/graphics/java/android/graphics/Region.java
./frameworks/base/core/java/android/view/InputChannel.java
./frameworks/base/core/java/android/hardware/camera2/impl/CameraMetadataNative.java
./external/chromium_org/chrome/android/java/src/org/chromium/chrome/browser/ChromeBrowserProvider.java
./libcore/libart/src/main/java/java/lang/String.java
./libcore/libart/src/main/java/java/lang/Class.java
This is a brief guide on how I patched CVE-2015-1474 for my Nexus 5 - 5.0.1. This involves downloading and building AOSP with the patch for the vuln applied. I have attached a pre-built patched version of libui.so for the Nexus 5 5.0.1 in case you are too lazy to build it yourself (and you trust me).
repo init -u https://android.googlesource.com/platform/manifest -b android-5.0.1_r1
repo sync -j16
cd frameworks/native
# https://android.googlesource.com/platform/frameworks/native/+/38803268570f90e97452cd9a30ac831661829091%5E%21/#F0
git cherry-pick 2bc5e811a817a8c667bca4318ae98582b0ee6dc6
#! /bin/sh
# Opens Chrome Canary (or Chromium or w/e CHROME_PATH points to) in incognito mode.
# Uses very popular user agent
# Sets Tor as the socks proxy
CHROME_PATH="/Applications/Google Chrome Canary.app/Contents/MacOS/Google Chrome Canary"
tor &> /dev/null & \
/* CVE-2014-0196 DOS PoC [Written May 5th, 2014]
 * by DigitalCold <digitalcold0@gmail.com>
 *
 * Note: this crashes my i686 Gentoo system running 3.12.14
 * and an old Backtrack 5r3 running 3.2.6. Any advice on how to gain
 * code exec would be greatly appreciated.
 *
 * Usage: gcc -O2 -o pty pty.c -lutil && ./pty
 *
 * CVE: http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-0196.html
I/chromium( 6890): [INFO:CONSOLE(37)] "AddJavascriptInterface: top[Android]: com.WebAppInterface@3847a08c -
error: Access to java.lang.Object.getClass is blocked", source: http://[REDACTED].com/ (37)
For applications targeting Android >= 5.0, you can enumerate the methods available from inside javascript. "Enumeration of methods will be enabled for applications targeting API levels newer than KitKat (to preserve compatibility with older apps)."
#include <stdio.h>
#include <signal.h>
#include <string.h>
/*
CVE-2013-2141
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b9e146d8eb3b9ecae5086d373b50fa0c1f3e7f0f
*/
void * kernel_stack_address = NULL;
I hereby claim:
- I am fuzion24 on github.
- I am fuzion24 (https://keybase.io/fuzion24) on keybase.
- I have a public key whose fingerprint is DCA7 93D3 BA47 EE72 0733 7426 464A 7A0A A335 84D8
To claim this, I am signing this object:
wget https://gist.githubusercontent.com/Fuzion24/6dd7552a1c594911416f/raw/server.rb
wget https://s3.amazonaws.com/uploads.hipchat.com/35420/441986/5xRGtuTBdBnuisN/twitter.apk
gem install sinatra --no-rdoc
ruby server.rb ./twitter.apk