About chompie1337

  • Biography: researcher

General Information
  • Last Activity: 4th October 2020 05:24 AM
  • Last Login: 1st January 1970 12:00 AM
  • Join Date: 2nd October 2019
  • Referrals: 0

Most Thanked (thanks count, post summary)

  • 5 thanks: "Don't you guys think that 0xDEADBEEFs should go away before this so-called PoC starts working? Any ideas on that one? That's where the use-after-free bug should come in. ioctl(binder_fd, BINDER_THREAD_EXIT, NULL); when this is called, t..."
  • 3 thanks: "I've seen that code and I agree that temp root is only part of the puzzle. Unless there's another bug somewhere or the flaw writeup I found about Citadel can be leveraged, the only other thought I have is: can the Verizon ID call be changed to think..."
  • 2 thanks: "chompie1337 I bypassed HKIP by tricking the kernel into thinking that the exploit is the swapper, and can get a root shell now! (Still limited by SELinux, and the context is still shell.) I'm trying to get the orderly_poweroff thing working now. BTW..."
  • 2 thanks: "I downloaded the latest version and it seems to have fixed that. Now it is a bad kernel address. MAIN: starting exploit for devices with waitqueue at 0x98 PARENT: Calling WRITEV CHILD: Doing EPOLL_CTL_DEL. CHILD: Finished EPOLL_CTL_DEL. C..."
  • 2 thanks: "I've received a lot of messages asking for help finding the WAITQUEUE_OFFSET. Since I know a lot of people are lurking this thread as well, I'll post instructions on how to find it if you have your device's firmware. The following example is for ..."