README.md
REQUIREMENTS
Debian packages:
- gcc-arm-linux-gnueabi (Busybox)
- dialog
- build-essential
Android SDK:
- adb (on $PATH)
- NDK bundle (CVE-2016-5195 needs it)
PROCEDURE FOR IMAGING
- Airplane mode
- Exploit root
- adb forward tcp:8000 tcp:8000
- (on recipient) nc -w 3 localhost 8000 | gunzip | tee file.dd | sha256sum | tee file.dd.sha256
- dd if=/dev/block/mmcblk0 conv=noerror,sync | gzip | nc -l -p 8000
- Crack a cold brewski with THE FUCKING LADS
- Profit!
PROCEDURE FOR BUSYBOX
(on tools/busybox-android folder)
- ./build.sh
- ./deploy.sh
NOTES
- Dumped image seems to use MSDOS partition table
- WARNING Exploit CVE-2016-5195 CAN overwrite RO files SOMEHOW, so besides de disk image, a copy of the run-as is also downloaded in case modification was permanent. In most terminals, the file is not overwritten, but it HAS happened and may very well happen, leaving the terminal vulnerable.
EXPLOITS
- [PATCHED] Dirty Cow (CVE-2016-5195): Exploit persists until reboot. Patched on 1st December 2016 Security Patch Level.
DEVEL TODO's
- [CVE-2014-3153] Adapt and try
- [CVE-2016-5195] dcow doesn't completely overwrite original file bytes sometimes. Requires multiple tries or reboot
- Logging system