dosomder

Results 48 comments of dosomder

@gjmv You can use the tool https://github.com/fi01/kallsymsprint to get kallsyms from kernel image

You need the kernel, not fotakernel.

The kernel is packed inside kernel.elf. You can find out the offset with the Linux utility binwalk. Many times it's LZOP or GZIP.

@danieljiang0415 Sometimes these symbols are removed for security reasons. You need to use IDA or any other disassembler to find it. - Find `ptmx_open` in kallsyms - Find xref to...

Are you sure it has PXN? Usually only 64-bit devices have it. Finding joploc and jopret on 32-bit is exactly the same, just the registers are different (e.g. `X0` is `R0`...

Well I don't have any Samsung device, so can't help you much. But it shouldn't be too difficult to adapt the code.

@Trailblazer101 First of all I used [bin2elf.sh](https://gist.github.com/tangrs/4030336) to create an ELF file from the image. That way it's easier to analyze with IDA. Open the `s6_kernel.elf` in IDA64. Choose `ELF...

Thanks, you can find it on the xda profile :)

What toolchain are you using? Try with Android NDK r10e. Looks like you're missing some headers.

It's to increase the pipe buffer. I don't think it's crucial for the exploit. If you are compiling for Android 4.4, you should adapt Application.mk. Then you would probably get...