I'll submit the poc after blackhat
Switch branches/tags
Nothing to show
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Failed to load latest commit information.
bbshell
mediaserver
surfaceflinger
systemserver
README.md

README.md

This PoC is divided into three Parts, the folder mediaserver help to inject code into mediaserver from a normal application. the folder surfaceflinger help to inject code to surfaceflinger after you got mediaserver permission. the folder system_server help to inject code to system_server after you got surfaceflinger permission. the bbshell folder help to inject busybox to mediaserver

the PoC contain many hard codes, I tested it on Nexus 5 for Android 5.0(LRX21O), you may have to adust these hard codes to suit your case. detail introduce about the vulnerability please refer to https://www.blackhat.com/docs/us-15/materials/us-15-Gong-Fuzzing-Android-System-Services-By-Binder-Call-To-Escalate-Privilege-wp.pdf