CVE-2016-5195

How to use Dirtycow to write /proc/sys/kernel/kptr_restrict

Open manriva opened this issue 7 years ago • 7 comments

I want to write 0 to /proc/sys/kernel/kptr_restrict, but when I use dcow xxx.txt /proc/sys/kernel/kptr_restrict the file is still 2. How do I change this file with Dirtycow?

manriva avatar Mar 09 '17 05:03 manriva

Try make root, then adb shell, then run-as. You might be able to echo 0 > /proc/sys/kernel/kptr_restrict if all goes well. On KitKat and up you might be blocked by SELinux.

timwr avatar Mar 09 '17 06:03 timwr

But I can't use run-as to become root: /system/run-as on my phone is not suid.

manriva avatar Mar 09 '17 10:03 manriva

It's a daisy chain of privilege elevations. The art is getting another process with more privilege to call your code. If you do a search for farm-root you will see an example of what someone else has done. I think with that code structure there's nothing you can't do. Before you figure out how to root your device, make sure you know where you're going with it. A rooted, crashed-out device is not an improvement.

droidvoider avatar Mar 09 '17 19:03 droidvoider

I'm sure I will root my device, but I can't find any tools to root it. Dirtycow can work, but it can't help me root, and some other CVEs need sys_call_table, so I hope Dirtycow can help me do it.

manriva avatar Mar 10 '17 02:03 manriva
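The two replies above are about getting kptr_restrict to 0 and about then reading sys_call_table. The script below is an added example written for this page; it is not code from this thread or from the dirtycow repository. It checks whether /proc/kallsyms is actually exposing a symbol or whether kptr_restrict is hiding it: when kernel pointers are restricted (kptr_restrict=2, or 1 without CAP_SYSLOG), kallsyms prints the address column as all zeros via %pK. The two SAMPLE_* strings are constructed stand-ins for kallsyms output with made-up addresses, not captures from any device, so the demo runs offline; live_check is the read-only version you would type into an adb shell.

```shell
#!/bin/sh
# Added example, not code from the dirtycow issue thread or project.
# Classifies a /proc/kallsyms symbol as usable, hidden (all-zero address
# because of kptr_restrict) or missing.

# Constructed: the shape of kallsyms output with kptr_restrict=2
# (or =1 when the reader lacks CAP_SYSLOG). Addresses are printed with %pK.
SAMPLE_RESTRICTED='0000000000000000 R sys_call_table
0000000000000000 T sys_open
0000000000000000 t do_sys_open'

# Constructed: the shape with kptr_restrict=0. Addresses are made up.
SAMPLE_UNRESTRICTED='ffffffc000c9f800 R sys_call_table
ffffffc0001b2a40 T sys_open
ffffffc0001b29c0 t do_sys_open'

# symbol_addr KALLSYMS_TEXT NAME
# Prints the address column of the first exact match for NAME, nothing if absent.
# Field 3 is the symbol name; module symbols carry a 4th "[module]" field.
symbol_addr() {
    printf '%s\n' "$1" | awk -v sym="$2" '$3 == sym { print $1; exit }'
}

# addr_usable ADDR
# Returns 0 if ADDR contains at least one non-zero hex digit, 1 if it is
# empty or all zeros (what %pK prints when pointers are restricted).
addr_usable() {
    case "$1" in
        '')      return 1 ;;
        *[!0]*)  return 0 ;;
        *)       return 1 ;;
    esac
}

# classify KALLSYMS_TEXT NAME
# Prints "usable <addr>", "hidden" or "missing".
classify() {
    a=$(symbol_addr "$1" "$2")
    if [ -z "$a" ]; then
        echo missing
    elif addr_usable "$a"; then
        echo "usable $a"
    else
        echo hidden
    fi
}

# live_check: read-only look at this host, the thing to run in adb shell
# before deciding whether kptr_restrict needs changing at all.
live_check() {
    r=$(cat /proc/sys/kernel/kptr_restrict 2>/dev/null || echo unknown)
    echo "kptr_restrict=$r"
    echo "sys_call_table: $(classify "$(cat /proc/kallsyms 2>/dev/null)" sys_call_table)"
}

# Demo on the constructed samples.
echo "restricted sample:   $(classify "$SAMPLE_RESTRICTED" sys_call_table)"
echo "unrestricted sample: $(classify "$SAMPLE_UNRESTRICTED" sys_call_table)"
```

On a real device, run live_check first as the shell user and again as root: if the address is "hidden" only for the shell user, kptr_restrict is 1 and a privileged reader already gets the value without writing the sysctl; if it is hidden for root too, the value is 2 and the sysctl (or a SELinux policy that blocks writing it) is what stands in the way.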

What phone do you have?

refi64 avatar Mar 10 '17 03:03 refi64

Edited: I opened issues on my repository n920-farm-root. Anyone who wants to help will know what I mean by "can you read a file as shell". And you will need to patch your own init. I am actually doing this to make people learn, because in the end, if you want it, you will have to compile it. By the way, if it is unclear, I am about the education; no way would I do a true test on my own device, I am really happy with it. I do have someone willing to test an n920a who is a developer also, but beyond that you need to start reading.

droidvoider avatar Mar 10 '17 16:03 droidvoider

I happen to have a ton of devices that I've set aside specifically for testing with, and I'm also not afraid to test on my own devices if you need tests done. I currently have four Google Pixels, a Nexus 6, two Nexus 6Ps, a Motorola Z Force Droid, three Galaxy S7s, and a few others like random Samsung tablets and a couple of newer ZTE phones. I've been using this exploit since the day I learned about it, but my knowledge is limited to experience only, so try as I might to understand the deeper concepts explained here, I'm still more lost than I should be. At any rate, I'm down to be of assistance in any way that I can if you're interested.

therealjayvi90 avatar Mar 17 '17 04:03 therealjayvi90