dosomder

48 comments by dosomder

Ah I see :) I don't know if this is ugly but you could make these functions in libart.so simple stubs. At the beginning detect which version the oat files...

@rovo89 is the Xposed ART source for Oreo available? On github I only see nougat as the latest branch. I would like to try it myself as it's really a...

See the file: https://github.com/dosomder/iovyroot/blob/master/jni/include/offsets.h For 32-bit devices you need the following addresses from kallsyms:
```
ptmx_fops
sidtab
policydb
selinux_enabled
selinux_enforcing
```

You probably have the wrong offsets. Also not sure about S5 but Samsung uses additional protection on some devices. See here: https://github.com/dosomder/iovyroot/issues/1#issuecomment-237780158

Which android version are you using? You can try replacing `sendmmsg(sockfd, &msg, 1, 0);` with `syscall(374, sockfd, &msg, 1, 0);`

You can find them using IDA and kallsymsprint

The tool was made for Android Lollipop. If you want to try it on Android 4.1 you have to edit the `APP_PLATFORM` version in https://github.com/dosomder/iovyroot/blob/master/jni/Application.mk and possibly fix the code

You can find joploc through its signature, see here: https://github.com/dosomder/iovyroot/blob/master/jni/getroot.c#L180 Just search, for example, for `ADD X0, X29, #0x78` (copy it from getroot.c because of the spaces) in IDA until you...

Make sure you copy the exact command from getroot.c. There are 2 possible gadgets depending on the firmware. If you still can't find it, upload the kernel image and I'll...

@oblique X0 is the return register and X29 is the frame pointer register (something like the stack pointer). Basically what this JOP gadget does is return the lower 4 bytes of...
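The IDA signature search described in the gadget comments above, done here as an added offline example that is not part of iovyroot: it encodes `ADD X0, X29, #0x78` as a 64-bit AArch64 ADD-immediate instruction word and scans a raw little-endian image for that word at 4-byte alignment. The image below is a constructed byte array, not a real kernel; on a real target you would feed it the uncompressed kernel `Image`. The second, firmware-dependent gadget mentioned above is not given on this page, so only the quoted encoding is searched, and every hit should still be confirmed in the disassembler since one instruction word alone is not a unique signature.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/* Encode AArch64 "ADD <Xd>, <Xn>, #imm12" (64-bit, no shift).
 * Bit layout: sf=1 op=0 S=0 100010 sh=0 | imm12[21:10] | Rn[9:5] | Rd[4:0]
 * so the fixed part is 0x91000000. ADD X0, X29, #0x78 -> 0x9101E3A0. */
uint32_t encode_add_imm64(unsigned rd, unsigned rn, unsigned imm12)
{
    return 0x91000000u | ((imm12 & 0xFFFu) << 10) | ((rn & 0x1Fu) << 5) | (rd & 0x1Fu);
}

/* Read a little-endian 32-bit instruction word at byte offset 'off'. */
static uint32_t le32(const uint8_t *img, size_t off)
{
    return (uint32_t)img[off] | ((uint32_t)img[off + 1] << 8) |
           ((uint32_t)img[off + 2] << 16) | ((uint32_t)img[off + 3] << 24);
}

/* Return the byte offset of the first occurrence of 'insn' at or after
 * 'start' (rounded down to 4-byte alignment), or -1 if there is none. */
long find_insn(const uint8_t *img, size_t len, uint32_t insn, size_t start)
{
    for (size_t off = start & ~(size_t)3; off + 4 <= len; off += 4)
        if (le32(img, off) == insn)
            return (long)off;
    return -1;
}

/* Count every occurrence; more than one hit means the single-word
 * signature is ambiguous and each candidate needs a manual look. */
size_t count_insn(const uint8_t *img, size_t len, uint32_t insn)
{
    size_t n = 0;
    for (size_t off = 0; off + 4 <= len; off += 4)
        if (le32(img, off) == insn)
            n++;
    return n;
}

/* Constructed sample "image" (not a real kernel): NOP, NOP, the gadget
 * word, RET, NOP, the gadget word again, RET. All little-endian. */
const uint8_t sample_image[] = {
    0x1F, 0x20, 0x03, 0xD5,   /* 0x00: NOP                 */
    0x1F, 0x20, 0x03, 0xD5,   /* 0x04: NOP                 */
    0xA0, 0xE3, 0x01, 0x91,   /* 0x08: ADD X0, X29, #0x78  */
    0xC0, 0x03, 0x5F, 0xD6,   /* 0x0C: RET                 */
    0x1F, 0x20, 0x03, 0xD5,   /* 0x10: NOP                 */
    0xA0, 0xE3, 0x01, 0x91,   /* 0x14: ADD X0, X29, #0x78  */
    0xC0, 0x03, 0x5F, 0xD6,   /* 0x18: RET                 */
};

/* Usage: ./gadgetscan [raw-kernel-image]; without an argument the
 * constructed sample image is scanned. */
int main(int argc, char **argv)
{
    const uint8_t *img = sample_image;
    size_t len = sizeof sample_image;
    uint8_t *filebuf = NULL;

    if (argc > 1) {
        FILE *f = fopen(argv[1], "rb");
        if (!f) { perror(argv[1]); return 1; }
        fseek(f, 0, SEEK_END);
        long sz = ftell(f);
        fseek(f, 0, SEEK_SET);
        if (sz <= 0) { fclose(f); return 1; }
        filebuf = malloc((size_t)sz);
        if (!filebuf || fread(filebuf, 1, (size_t)sz, f) != (size_t)sz) {
            fclose(f); free(filebuf); return 1;
        }
        fclose(f);
        img = filebuf;
        len = (size_t)sz;
    }

    uint32_t gadget = encode_add_imm64(0, 29, 0x78);
    printf("searching for ADD X0, X29, #0x78 = 0x%08X (%zu hit(s))\n",
           gadget, count_insn(img, len, gadget));
    for (long off = find_insn(img, len, gadget, 0); off >= 0;
         off = find_insn(img, len, gadget, (size_t)off + 4))
        printf("  candidate at file offset 0x%lX\n", off);

    free(filebuf);
    return 0;
}
```

The offsets printed are file offsets into the raw image; to turn a candidate into the kernel virtual address that goes into offsets.h you still add the image load base, which differs per device and is one of the things the kallsyms dump above is used for.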