CVE-2016-5195
corruption on the output file
The last update made my phone able to run the exploit, but it corrupts the output file, so when I go to run it, it gives me a segmentation fault.
Any ideas of what to do?
I have made a copy of the input and output if you want to see.
Thanks
Although I solved an issue in the code that deals with this exact subject, it doesn't matter anyway. The answer is your file is larger than the file you're attempting to patch. You can patch files that are smaller; I think dirtycow writes 00000000 to match the file size. But if you patch a file that is larger, then dirtycow will run out of space and seg fault.
Be creative, you will get it. Move some of what you're trying to do to someplace else.
I'm trying to change the run-as file, and it is smaller than the original
And this is the same issue from Oct 2016? https://github.com/timwr/CVE-2016-5195/issues/6
Because I'm finding myself wondering what device we are speaking about. I have a ton of old devices I would love to play with this question.
No, the other one was fixed; the dirtycow binary itself wouldn't run. This new one makes too big files to be weirdly written to memory (almost no writes for real)
....... What device, and at least what file size? Binary, I assume, right? I'm helping, so you gotta help me help you.
Things I tried:
1- create two files, one with a single a inside and the other with xd inside, then dcow one into the other
result: it worked, but the cat output was like this: "a
"
2- create a bash script (sort of 90kb) then replace into run-as
result: run-as got corrupted
3- replace the same bash script with another system file, smaller in size yet bigger than the script; file chosen: monkey
result: the dcow was successfully replaced, but 4 characters of the monkey stayed in there at the blank space seen in test 1
4- a little bit bigger script replacing monkey again
result: complete success
5- trying to dcow a from the first test into run-as
result: run-as corrupted, cat shows little difference from original run-as
Results observed: too big files crash my dirtycow. When I have free time I'll try to determine what size interval bugs my dcow, so I'll try to find an explanation in the code.
But thanks for trying to help, bro.
About the tablet: it's a Brazilian tablet that I found in the trash. It has an elija board that I can't find anything about on the internet, armv7 processor, maybe 512mb ram.
First of all, there's nothing wrong with the code. The compiler complains, but when I follow the logic back, my previous assumption that ptrace returns only long is incorrect. Second, I am completely unable to create an error writing to any file up to almost 7mb using dirtycow. 100% of the time on vulnerable devices it writes. I have tested with android 4.42, 5.11 and 6.01.
I'm sorry, it does appear you have an incompatible device.
I think that it's not incompatible, because it writes the actual file when it's small, but it may be because of the kernel version, since my kernel is 2.x and your smaller (kitkat) is already 3.x. But it does write, it just writes badly on too big files. You said that you have a 7mb limitation; my device must be bugging before your limit. What amount of ram do you have?
@gkillershots I guess it's using the ptrace method then. Could be a multiple of the 4096 page size
Yes, it says it's using ptrace method, well observed, that may be why it bugs only on my device, when I go look into the code the next time I'll know where to look
New tests
Created 2 new files named by their size, 4100 and 4093, to test if the problem is with files bigger than 4096
1st test: dcow a(18) into 4100
result: failed, random enters in code and only 2 characters replaced and a lot of empty spaces added
2nd test: dcow a(18) into 4093
result: failed, random enters in code and only 5 characters replaced and a lot of empty spaces added
Created a new file 4001
3rd test: dcow a(18) into 4001
result: failed too, just like the others, with only one character replaced and a lot of empty spaces added
Created a new file 1998
4th test: dcow a(18) into 1998
result: failed
Created a new file 1017
5th test: dcow a(18) into 1017
result: failed
Went to github to see if the size was really 4096; continuing to determine the max size
Created a new file 507
6th test: dcow a(18) into 507
result: failed
Created a new file 249
7th test: dcow a(18) into 249
result: wrote every 18 bytes from a, but with a lot of empty spaces added and still 3 groups of 4 characters each of the original file randomly placed
Created a new file 114
8th test: dcow a(18) into 114
result: empty spaces still left, but it now worked to replace everything without traces of the original file
Hello sir, I am trying to root my Asus Android phone with Android 7.0. After executing the 'make root' command it gives the following output:
make root
ndk-build NDK_PROJECT_PATH=. APP_BUILD_SCRIPT=./Android.mk APP_ABI=arm64-v8a NDK_APPLICATION_MK=./Application.mk APP_PLATFORM=android-24
make[1]: Entering directory `/home/rohitnew/CVE-2016-5195-master'
[arm64-v8a] Install : dirtycow => libs/arm64-v8a/dirtycow
[arm64-v8a] Install : run-as => libs/arm64-v8a/run-as
make[1]: Leaving directory `/home/rohitnew/CVE-2016-5195-master'
adb push libs/arm64-v8a/dirtycow /data/local/tmp/dcow
[100%] /data/local/tmp/dcow
adb shell 'chmod 777 /data/local/tmp/dcow'
adb shell 'chmod 777 /data/local/tmp/dcow'
adb push libs/arm64-v8a/run-as /data/local/tmp/run-as
[100%] /data/local/tmp/run-as
adb shell '/data/local/tmp/dcow /data/local/tmp/run-as /system/bin/run-as'
dcow /data/local/tmp/run-as /system/bin/run-as
warning: new file size (10144) and destination file size (14360) differ
[] size 14360
[] mmap 0x7f0bff4000
[] currently 0x7f0bff4000=10102464c457f
[] using /proc/self/mem method
[] madvise = 0x7f0bff4000 14360
[] madvise = 0 16777216
[] /proc/self/mem 30902720 2152
[] exploited 0 0x7f0bff4000=10102464c457f
make: *** [root] Error 255
Is there something wrong done by me?
Zenfone 3 has already been patched
My model is Zenfone 3s Max, Android version 7.0
And also running the test command gives the same error