Bad Spin: Android Binder LPE

Author: Moshe Kol

Privilege escalation exploit from untrusted_app for an Android Binder vulnerability (CVE-2022-20421). The vulnerability is patched in Android's Security Bulletin of October 2022.
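A defender-side check that follows from the patch date above, as an added example that is not part of the badspin repository: it classifies a device's reported security patch level against the October 2022 bulletin. The device names and inventory lines are constructed; Android bulletins define more than one patch-level string per month and the page does not say which one carries this fix, so October 2022 levels are flagged for manual verification.

```sh
#!/bin/sh
# Added example (not from the badspin repository).
# Read a device's level with: adb shell getprop ro.build.version.security_patch
FIX_MONTH="2022-10"   # from the page: Security Bulletin of October 2022

# classify_patch_level YYYY-MM-DD  -> prints one status word
classify_patch_level() {
    level=$1
    # Anything that is not a well-formed patch-level string is "unknown".
    case $level in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
        *) echo "unknown"; return 0 ;;
    esac
    month=${level%-*}                        # 2022-09-05 -> 2022-09
    have=${month%-*}${month#*-}              # 2022-09    -> 202209
    want=${FIX_MONTH%-*}${FIX_MONTH#*-}      # 2022-10    -> 202210
    if [ "$have" -lt "$want" ]; then
        echo "predates-fix"      # older than the bulletin that carries the patch
    elif [ "$have" -eq "$want" ]; then
        echo "verify-day"        # same month: check the bulletin's patch-level day
    else
        echo "postdates-fix"     # judged by the reported date only
    fi
}

# Constructed sample inventory: "<device> <patch level>", one per line.
sample_inventory() {
    cat <<'EOF'
device-a 2022-09-05
device-b 2022-10-01
device-c 2022-11-05
device-d
EOF
}

# triage_inventory: reads inventory lines on stdin, prints device, level, status.
triage_inventory() {
    while read -r device level; do
        [ -n "$device" ] || continue
        printf '%s %s %s\n' "$device" "${level:-missing}" \
            "$(classify_patch_level "$level")"
    done
}

sample_inventory | triage_inventory
```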

Run from shell

  1. Compile the libbadspin.so library by typing make push in the src/ directory. This will also push the library to /data/local/tmp.
  2. Run adb shell.
  3. Run LD_PRELOAD=/data/local/tmp/libbadspin.so sleep 1. This will load the library and start the exploit.

Run from demo app

  1. Compile libbadspin.so by typing make push in the src/ directory. This will copy the library to the assets directory for the demo Android app.
  2. Compile the demo Android app in the app/ directory. (You might need Android Studio to do this.)
  3. Run the app and click on the "Exploit" button.
  4. Consume logs using: adb logcat -s BADSPIN

Compilation options

You can pass the following variables to make:

  • VERBOSE=1 to increase verbosity.
  • TEST_VULN=1 to test the vulnerability without proceeding with the exploit.

Tested devices

$ make list
0: Samsung Galaxy S22, Android 12 (6/2022), kernel 5.10.81
1: Samsung Galaxy S21 Ultra, Android 12 (3/2022), kernel 5.4.129
2: Google Pixel 6, Android 12 (5/2022), kernel 5.10.66
3: Google Pixel 6, Android 13 (9/2022), kernel 5.10.107

On Pixel 6, the exploit achieves full root and an SELinux bypass. On Samsung devices, it achieves kernel R/W only.

Known issues

The phone might crash on unsuccessful attempts. The exploit is unstable in the first few minutes after boot.
