Don't you guys think that the 0xDEADBEEFs should go away before this so-called PoC starts working? Any ideas on that one?
That's where the use-after-free bug should come in.
ioctl(binder_fd, BINDER_THREAD_EXIT, NULL);
When this is called, t...
I've seen that code and I agree that temp root is only part of the puzzle. Unless there's another bug somewhere or the flaw writeup I found about Citadel can be leveraged, the only other thought I have is: can the Verizon ID call be changed to think...
chompie1337, I bypassed HKIP by tricking the kernel into thinking that the exploit is the swapper, and I can get a root shell now! (Still limited by SELinux, and the context is still shell.) I'm trying to get the orderly_poweroff thing working now. BTW...
I downloaded the latest version and it seems to have fixed that. Now it is a bad kernel address.
MAIN: starting exploit for devices with waitqueue at 0x98
PARENT: Calling WRITEV
CHILD: Doing EPOLL_CTL_DEL.
CHILD: Finished EPOLL_CTL_DEL.
I've received a lot of messages asking for help finding the WAITQUEUE_OFFSET. Since I know a lot of people are lurking in this thread as well, I'll post instructions on how to find it if you have your device's firmware. The following example is for ...