/CVE-2016-8655_Android

Android attempt at PoC CVE-2016-8655

Primary Language: C

CVE-2016-5195 GoldFish 3.4

  • This works on the goldfish 3.4 Emulator

  • Initroot: https://alephsecurity.com/2017/06/07/initroot-moto/ has been released for my device (harpia), so I have stopped porting the exploit to my device (harpia/...).

  • I have learnt a large amount from working on this project, but initroot appears to be a better option.

  • goldfish/... has the files needed to execute this exploit on Android.

  • goldfish/runme.sh has the steps to deploy and execute the exploit.

  • mod_exploit/ is a kernel module that creates the exploit shellcode (see expmod.c), which is extracted by goldfish/...

  • As a PoC, the exploit calls trace_printk to print some text to /sys/kernel/debug/tracing/trace; the correct trace_printk pointer for your goldfish kernel must be set in expmod.c.