Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

huawei G700 fail #18

Open
zllfdd opened this issue Nov 21, 2013 · 8 comments
Open

huawei G700 fail #18

zllfdd opened this issue Nov 21, 2013 · 8 comments

Comments

@zllfdd
Copy link

zllfdd commented Nov 21, 2013

Device detected: HUAWEI G700-T00 (G700-T00 V100R001CHNC01B138)

Try to find address in memory...
Attempt msm_cameraconfig exploit...
Detected kernel physical address at 0x80008000 form iomem

Attempt fb_mem exploit...
Detected kernel physical address at 0x80008000 form iomem
Segmentation fault
@nothize
Copy link

nothize commented Nov 21, 2013

Could you post the panic log?

On 21 November 2013 14:02, zll [email protected] wrote:

Device detected: HUAWEI G700-T00 (G700-T00 V100R001CHNC01B138)

Try to find address in memory...
Attempt msm_cameraconfig exploit...
Detected kernel physical address at 0x80008000 form iomem

Attempt fb_mem exploit...
Detected kernel physical address at 0x80008000 form iomem
Segmentation fault


Reply to this email directly or view it on GitHubhttps://github.com//issues/18
.

Regards,
Nothize

@zllfdd
Copy link
Author

zllfdd commented Nov 22, 2013

Did you mean kernel panic log? nothing happened but segmentation fault and the phone still works well.

/proc/version:
Linux version 3.4.5 (jenkins@sp-linux015-desktop) (gcc version 4.6.x-google 20120106 (prerelease) (GCC) ) #1 SMP PREEMPT Wed Sep 25 12:04:03 HKT 2013

@garyhouston
Copy link

Same on Huawei Y330, it crashes in the mmap call in libexploit/libfb_mem_exploit/fb_mem_mmap.c. If I change the first argument from MAPPED_BASE to NULL it doesn't crash, but I suppose that value is there for a reason. It still doesn't do anything useful:

Device detected: HUAWEI Y330-U01 (Y330-U01 V100R001C00B124)

Try to find address in memory...
Attempt msm_cameraconfig exploit...
Detected kernel physical address at 0x80108000 from iomem

Attempt fb_mem exploit...
Detected kernel physical address at 0x80108000 from iomem
You need to manage to get remap_pfn_range address.

Try copying kernel memory... It will take a long time.
Attempt pingpong exploit...
No icmp socket available
Attempt futex exploit...
failed to exploit...
Attempt get_user exploit...
connect(): failed
Attempt get_user exploit...
(it hangs at this point)

@TirelessMan
Copy link

Hi garyhouston,
I attemed to run pingpong exploit but I got No icmp socket available Error too!!!

Did you resolve that? Can you help me I resolve that please?
Thanks in advance

@garyhouston
Copy link

It's trying to create a socket using:
socket(AF_INET, SOCK_DGRAM, IPPROTO_ICMP);
and it fails with "Permission denied". So this feature is disabled in the kernel.

@TirelessMan
Copy link

Thanks garyhouston ,
So how can I resolve the problem? I mean how can I enable this feature in the kernel?

Thanks in advance

@garyhouston
Copy link

Well, not without having root.

@TirelessMan
Copy link

TirelessMan commented Nov 2, 2016
edited
Loading

Actually not having root!
I want to get root access using a vulnerability, and I think at the first I don't have any root access.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@nothize @zllfdd @garyhouston @TirelessMan