I hereby claim:
- I am fuzion24 on github.
- I am fuzion24 (https://keybase.io/fuzion24) on keybase.
- I have a public key whose fingerprint is DCA7 93D3 BA47 EE72 0733 7426 464A 7A0A A335 84D8
To claim this, I am signing this object:
#include <stdio.h>
#include <signal.h>
#include <string.h>
/*
CVE-2013-2141
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b9e146d8eb3b9ecae5086d373b50fa0c1f3e7f0f
*/
void * kernel_stack_address = NULL;
I/chromium( 6890): [INFO:CONSOLE(37)] "AddJavascriptInterface: top[Android]: com.WebAppInterface@3847a08c -
error: Access to java.lang.Object.getClass is blocked", source: http://[REDACTED].com/ (37)
For applications targeting Android >= 5.0, you can enumerate the methods available from inside javascript. "Enumeration of methods will be enabled for applications targeting API levels newer than KitKat (to preserve compatibility with older apps)."
/* CVE-2014-0196 DOS PoC [Written May 5th, 2014]
 * by DigitalCold <digitalcold0@gmail.com>
 *
 * Note: this crashes my i686 Gentoo system running 3.12.14
 * and an old Backtrack 5r3 running 3.2.6. Any advice on how to gain
 * code exec would be greatly appreciated.
 *
 * Usage: gcc -O2 -o pty pty.c -lutil && ./pty
 *
 * CVE: http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-0196.html
#! /bin/sh
#Opens Chrome Canary (or Chromium, or whatever CHROME_PATH points to) in incognito mode.
#Uses a very popular user agent
#Sets Tor as the SOCKS proxy
CHROME_PATH="/Applications/Google Chrome Canary.app/Contents/MacOS/Google Chrome Canary"
tor &> /dev/null & \
This is a brief guide on how I patched CVE-2015-1474 for my Nexus 5 - 5.0.1. This involves downloading and building AOSP with the patch for the vuln applied. I have attached a pre-built patched version of libui.so for the Nexus 5 5.0.1 in case you are too lazy to build it yourself (and you trust me).
repo init -u https://android.googlesource.com/platform/manifest -b android-5.0.1_r1
repo sync -j16
cd frameworks/native
# https://android.googlesource.com/platform/frameworks/native/+/38803268570f90e97452cd9a30ac831661829091%5E%21/#F0
git cherry-pick 2bc5e811a817a8c667bca4318ae98582b0ee6dc6
bitbox ➜ aosp find . -type f -name "*.java" -print0 | xargs -0 -r grep -E --files-with-matches --null -- "(public|private) native" | xargs -0 -r grep -E --files-with-matches -- "implements (Serializable|Parcelable)"
./frameworks/ml/bordeaux/learning/stochastic_linear_ranker/java/android/bordeaux/learning/StochasticLinearRanker.java
./frameworks/base/media/java/android/media/MediaPlayer.java
./frameworks/base/graphics/java/android/graphics/Region.java
./frameworks/base/core/java/android/view/InputChannel.java
./frameworks/base/core/java/android/hardware/camera2/impl/CameraMetadataNative.java
./external/chromium_org/chrome/android/java/src/org/chromium/chrome/browser/ChromeBrowserProvider.java
./libcore/libart/src/main/java/java/lang/String.java
./libcore/libart/src/main/java/java/lang/Class.java
LOAD:FE82CDA8 DCD aTzbsp_pil_init ; "tzbsp_pil_init_image_ns"
LOAD:FE82CDAC DCD 0x3D
LOAD:FE82CDB0 DCD tzbsp_pil_init_image_ns+1
LOAD:FE82CDB4 DCD 2
LOAD:FE82CDB8 DCD 4
LOAD:FE82CDBC DCD 4
LOAD:FE82CDC0 DCD 0x805
LOAD:FE82CDC4 DCD aTzbsp_pil_auth ; "tzbsp_pil_auth_reset_ns"
LOAD:FE82CDC8 DCD 0x3D
[ 0.000000] Linux version 4.5.0-rc2+ (fuzion24@bitbox) (gcc version 6.0.0 20160221 (experimental) (GCC) ) #4 SMP Mon Feb 22 14:12:37 EST 2016
[ 0.000000] Command line: root=/dev/sda
[ 0.000000] x86/fpu: Legacy x87 FPU detected.
[ 0.000000] x86/fpu: Using 'lazy' FPU context switches.
[ 0.000000] e820: BIOS-provided physical RAM map:
[ 0.000000] BIOS-e820: [mem 0x0000000000000000-0x000000000009fbff] usable
[ 0.000000] BIOS-e820: [mem 0x000000000009fc00-0x000000000009ffff] reserved
[ 0.000000] BIOS-e820: [mem 0x00000000000f0000-0x00000000000fffff] reserved
[ 0.000000] BIOS-e820: [mem 0x0000000000100000-0x000000007fffdfff] usable
[ 0.000000] BIOS-e820: [mem 0x000000007fffe000-0x000000007fffffff] reserved