Skip to content

p1gl3t/CVE-2015-1474_poc

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1 Commit
.gitignore
.gitignore
 
 
Android.mk
Android.mk
 
 
Android.mk.static.failed
Android.mk.static.failed
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
screencap.cpp
screencap.cpp
 
 

Repository files navigation

This code is ment to be a tentative of a poc for CVE-2015-1474. The code is based on the code of the screencap comand, but generates a rogue parcel that crashes the surfaceflinger when it is deserialized. See more at http://forum.xda-developers.com/kindle-fire-hdx/orig-development/evaluating-cve-2015-1474-to-escalate-to-t3045163.

Clone under frameworks/base/cmds/badscreencap and compile with mmm frameworks/base/cmds/badscreencap. To be able to compile you change the visibility of BBinder::onTransact to public (in frameworks/native/include/Binder.h). This is required for getting the vtable offset of that method.

You can pull the required .so's from your device (or OTA package) if you do not want to build the entire native Android framework.

About

No description, website, or topics provided.

Resources

Readme

License

View license
Activity

Stars

19 stars

Watchers

3 watching

Forks

6 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages