PIXEL C
rakhenmanoa opened this issue · comments
Hi, do you think shofel2 will work on the Pixel C?
yes
I would say no instead.
Finally I got all the binaries successfully built, using the documentation.
But I have two problems:
- Vendor & Product IDs are obviously different. In order to fix this I simply changed one line:
    #DEV_ID_SWITCH = (0x0955, 0x7321)
    DEV_ID_SWITCH = (0x18d1, 0x5201)
- When I run the exploit it says the following (sanity check failed):
    $ ./shofel2.py cbfs.bin ../../coreboot/build/coreboot.rom
    File descriptor: 7
    Traceback (most recent call last):
      File "/home/samuel/Projects/fail0overflow/shofel2/exploit/./shofel2.py", line 258, in <module>
        rcm.pwn()
      File "/home/samuel/Projects/fail0overflow/shofel2/exploit/./shofel2.py", line 176, in pwn
        s.sanity_check(src_base, dst_base)
      File "/home/samuel/Projects/fail0overflow/shofel2/exploit/./shofel2.py", line 101, in sanity_check
        cur_src = parse32(buf, 0xc)
      File "/home/samuel/Projects/fail0overflow/shofel2/exploit/./shofel2.py", line 27, in parse32
        return struct.unpack('<L', buf[offset:offset+4])[0]
    struct.error: unpack requires a buffer of 4 bytes
Any tip would be appreciated...
I got the exploit to work on the Pixel C, but that was some years ago. Probably someone has already posted a working version online somewhere if you search around.
Thank you very much: that's very encouraging to me...
But I am afraid RCM (the context in which to launch your exploit) has nothing to do with fastboot mode; it more likely corresponds to recovery mode.
Unfortunately I am able to run only the fastboot mode.