REQUIREMENTS

Debian packages:

• gcc-arm-linux-gnueabi (Busybox)
• dialog
• build-essential

Android SDK:

• adb (on $PATH)
• NDK bundle (CVE-2016-5195 needs it)

PROCEDURE FOR IMAGING

1. Airplane mode
2. Exploit root
3. adb forward tcp:8000 tcp:8000
4. (on recipient) nc -w 3 localhost 8000 | gunzip | tee file.dd | sha256sum | tee file.dd.sha256
5. dd if=/dev/block/mmcblk0 conv=noerror,sync | gzip | nc -l -p 8000
6. Crack a cold brewski with THE FUCKING LADS
7. Profit!

PROCEDURE FOR BUSYBOX

(on tools/busybox-android folder)

1. ./build.sh
2. ./deploy.sh

NOTES

• Dumped image seems to use MSDOS partition table
• WARNING Exploit CVE-2016-5195 CAN overwrite RO files SOMEHOW, so besides de disk image, a copy of the run-as is also downloaded in case modification was permanent. In most terminals, the file is not overwritten, but it HAS happened and may very well happen, leaving the terminal vulnerable.

EXPLOITS

• [PATCHED] Dirty Cow (CVE-2016-5195): Exploit persists until reboot. Patched on 1st December 2016 Security Patch Level.

DEVEL TODO's

• [CVE-2014-3153] Adapt and try
• [CVE-2016-5195] dcow doesn't completely overwrite original file bytes sometimes. Requires multiple tries or reboot
• [CVE-2017-0781] blueborne. See https://jesux.es/exploiting/blueborne-android-6.0.1/
• Logging system