Grant full capabilities to root shell. #5

Open
wants to merge 2 commits into
base: main
@m4b4 m4b4 commented Apr 23, 2024

On my Pixel 7 it seems overwriting only uid, gid, .. in the task structure is not sufficient to grant full root access (see here). For instance, after getting the root shell I wasn't able to cd into /data/local/tmp anymore:

panther:/ # whoami
root
panther:/data/local/tmp # ls
ls: .: Permission denied
1|panther:/data/local/tmp # getenforce
Permissive

This PR contains the following changes:

  • Add offsets for Pixel 7 UP1A.231005.007
  • Make get_root also overwrite the cap_* fields and securebits.

I don't have a chance to test this on a Pro model, but on the Pixel 7 it seems to fix the issue for me:

panther:/data/local/tmp # whoami
root
panther:/data/local/tmp # cd /data/local/tmp
panther:/data/local/tmp # ls
another_boot.img  boot.img  boot_231105_003_p7.img  exp2  exp_new  exp_new2  exploit  exploit2  kernel  kernel_pixel8  magiskboot  mali_kbase.ko  mali_pixel.ko  smaps.txt
panther:/data/local/tmp #
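
The state in the first terminal session (uid 0, yet `ls` is denied) is visible from the defender's side in `/proc/<pid>/status`: the effective uid is 0 while `CapEff` lacks the DAC-bypass bits, a combination a normally started root process does not have. This is an added example, not code from this pull request or the project; the status excerpts are constructed, the function names are hypothetical, and it assumes the denial comes from the missing capabilities.

```python
# Added illustration; the /proc/<pid>/status excerpts below are constructed.
# Bit numbers are the ones defined in linux/capability.h.
CAP_BITS = {"CAP_DAC_OVERRIDE": 1, "CAP_DAC_READ_SEARCH": 2}

UID0_NO_CAPS = ("Name:\tsh\nUid:\t0\t0\t0\t0\n"
                "CapPrm:\t0000000000000000\nCapEff:\t0000000000000000\n")
UID0_FULL = ("Name:\tsh\nUid:\t0\t0\t0\t0\n"
             "CapPrm:\t000001ffffffffff\nCapEff:\t000001ffffffffff\n")
SHELL_USER = ("Name:\tsh\nUid:\t2000\t2000\t2000\t2000\n"
              "CapPrm:\t0000000000000000\nCapEff:\t0000000000000000\n")


def parse_status(text):
    """Return (effective uid, CapEff bitmask) from /proc/<pid>/status text."""
    euid = cap_eff = None
    for line in text.splitlines():
        key, _, value = line.partition(":")
        if key == "Uid":
            # Field order is: real, effective, saved, filesystem.
            euid = int(value.split()[1])
        elif key == "CapEff":
            cap_eff = int(value.strip(), 16)
    if euid is None or cap_eff is None:
        raise ValueError("status text lacks a Uid or CapEff line")
    return euid, cap_eff


def missing_dac_caps(text):
    """For an euid-0 process, list the DAC-bypass capabilities it lacks.

    A non-empty result means "root by uid only": file permission checks
    still apply to the process, as in the denied `ls` above.
    """
    euid, cap_eff = parse_status(text)
    if euid != 0:
        return []  # unprivileged uid: an empty CapEff is expected
    return [name for name, bit in CAP_BITS.items()
            if not (cap_eff >> bit) & 1]


if __name__ == "__main__":
    for label, sample in [("uid 0, no caps", UID0_NO_CAPS),
                          ("uid 0, full caps", UID0_FULL),
                          ("shell user", SHELL_USER)]:
        print(label, "->", missing_dac_caps(sample) or "nothing unusual")
```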

@m4b4 m4b4 mentioned this pull request Jun 7, 2024
@atimofeev86
what is my issue?
image
