greenmind-sec / DirtyPipe-Android

Dirty Pipe root exploit for Android (Pixel 6)

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

DirtyPipe for Android

Dirty Pipe (CVE-2022-0847) temporary root PoC for Android.

Targets

Currently only run on Pixel 6 with security patch level 2022-02-05. Don't use on other devices or other versions. It must crash (reboot).

How to use

  1. Download binary from release page.
  2. Setup adb (android platform tools).
  3. Launch run.bat (For Windows) or run.sh (For Linux/Mac)
    • If you get 'adb' is not recognized ... errors, check to add adb to PATH.
  4. You now get temporary root shell by telnet 10847

Screenshot

How to build

  1. Install Android NDK
  2. Set PATH for aarch64-linux-android31-clang
export PATH=$PATH:$ANDROID\_NDK/toolchains/llvm/prebuilt/linux-x86\_64/bin
  1. Run make
$ make

How to build kernel module

  1. Download Pixel 6 kernel source. Link
  2. Put mymod directory on kernel/private/google-modules/
  3. Apply mymod/build-script-patch.patch to kernel/private/gs-google
  4. Run build script
# For the first build
$ LTO=thin ./build/build.sh
# For faster rebuild (skip full rebuild)
$ SKIP\_MRPROPER=1 SKIP\_DEFCONFIG=1 LTO=thin ./build/build.sh

Future work

  • Stop using insecure telnet
  • Make apk
  • Install Magisk
  • Add device support

Credits

About

Dirty Pipe root exploit for Android (Pixel 6)


Languages

Language:C 59.1%Language:C++ 17.0%Language:Shell 9.5%Language:Assembly 7.7%Language:Makefile 5.9%Language:Batchfile 0.7%