Tim

Results 43 comments of Tim

Not sure. Off the top of my head, maybe you need to use a more recent NDK? Perhaps ndk-r13?

@gkillershots I guess it's using the ptrace method then. Could be a multiple of the 4096 page size.

Try `make root`, then `adb shell`, then `run-as`. You might be able to `echo 0 > /proc/sys/kernel/kptr_restrict` if all goes well. On KitKat and up you might be blocked by...

Which device is this? `run-as` has issues on the Galaxy S4 (and some other phones, I think). The phone is still vulnerable, however.

It's not the compiler environment. You can confirm the device is vulnerable with `make test`. I suspect you're seeing this issue: https://code.google.com/p/android/issues/detail?id=58373

You'll need to update the offsets for your kernel. If it's a Pixel you can download the image, extract the kernel from boot.img, and figure out the offsets with r2 and...

@mrDoctorWho can you post the full log? Which line causes the crash? If it crashes before it has kernel rw it's likely these offsets: https://gist.github.com/mrDoctorWho/7436d61490d5e71aee31f811b119bdc6#file-su98-pixel1-c-L78

The only thing I can suggest is to try a reduced version of the POC to see if, at the very least, you can reliably leak some kernel memory. This...