
Android_DD_Dcow uses the dirtycow vulnerability to gain root + install_recovery for dd writing


droidvoider/Android_6.01__DD_Dcow


STERN DEVELOPER WARNING: PROCESS WILL NOT REINITIATE UNTIL AFTER IT HAS REBOOTED
STERN DEVELOPER WARNING: YOU MUST REBOOT BEFORE YOU MAY READ/WRITE AGAIN

STERN DEVELOPER WARNING: WRITING SOMETHING MEANS REBOOTING WITH IT!!!!!!
STERN DEVELOPER WARNING: WRITING SOMETHING MEANS REBOOTING WITH IT!!!!!!
STERN DEVELOPER WARNING: WRITING SOMETHING MEANS REBOOTING WITH IT!!!!!!

WARNING: THIS IS LITERALLY THE MOST DANGEROUS ANDROID TOOL I'VE EVER SEEN!!! This tool writes to the partitions on 64-bit Android 6.01 dirtycow-vulnerable devices. It does so without verifying anything. It will write whatever you tell it to write without even blinking!! So if you write your recipe for chicken soup to your BOTA0/BOTA1 partition, your device is history.


------------------- Android 64bit dirtycow image manipulation project --------------------------

This educational tool is for replacing images on 64-bit Android 6.01 devices with locked bootloaders. This process is dangerous even when using the proper tools such as Odin with the proper factory firmware!

This tool was released 03/29/2017 with very little testing. It is aimed at developers and isn't meant for anyone who doesn't understand Android completely. If you replace your bootloader with an incompatible/unsigned version, it is possible the hardware will disallow booting. Developers test these things in a safe way; do not test theories on your daily device. YOU WILL BE VERY VERY SORRY, NEWCOMER. My name is droidvoider for a reason: I ruin a lot of droids.


BASIC INSTRUCTIONS: This tool uses a text file to determine what to copy and where. Examples of both the push and pull files are included with this tool. (You can take the binaries and mimic the process in the Makefile for Windows. I will eventually do this.)

  1. Download the github repo.
  2. Open pull_files.txt, see the if=/dev/block path, then adb shell to your device to confirm the path. For example, from a shell run adb shell, then cd /dev/block/platform/15570000.ufs/by-name/, then ls -la. (The directory is taken from pull_files.txt: if=/dev/block/platform/15570000.ufs/by-name/BOTA0)
  3. Confirm the Allow MTP message on your device BEFORE continuing, or not at all; before is best.
  4. From bash on Ubuntu with the NDK installed (not all binaries are present, so compiling is currently required): make pull or make push respectively
  5. You must specify the block size, and you must not use shorthand: bs=8388608 is correct but bs=8m is wrong (the dd block size must be given in bytes). All fields are required to run, I think; I wouldn't leave out the block size. I will say this again: you can set the block size for transfers, but you can NOT use bs=10m for 10 megabytes. It must be written in bytes (the example is approximately bs=8m; again, never use m values with my binaries, it will fail).
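
Because the tool writes without verifying anything, a pre-flight lint of the operand file catches the bs= shorthand mistake from step 5 before make push runs. This is an added example, not code from this repository; it assumes one transfer per line written as dd-style operands (if=, of=, bs=), and the function names and /sdcard paths are made up for illustration.

```bash
# Added example: pre-flight lint for pull_files.txt / push_files.txt.
# ASSUMPTION: one transfer per line as dd-style operands; real layout may differ.
# check_dd_line LINE: print each problem found; return 0 only if none.
check_dd_line() {
    local line="$1" tok if_path="" of_path="" bs="" rc=0
    set -f                      # no globbing while splitting into operands
    for tok in $line; do
        case $tok in
            if=*) if_path=${tok#if=} ;;
            of=*) of_path=${tok#of=} ;;
            bs=*) bs=${tok#bs=} ;;
        esac
    done
    set +f
    [ -n "$if_path" ] && [ -n "$of_path" ] || { echo "missing if= or of="; rc=1; }
    # ASSUMPTION: one side of every transfer is a /dev/block/ partition node.
    case "$if_path $of_path" in
        /dev/block/*|*" /dev/block/"*) ;;
        *) echo "no /dev/block/ path in if= or of="; rc=1 ;;
    esac
    # README rule: block size in plain bytes (bs=8388608), never bs=8m.
    case $bs in
        "")       echo "missing bs="; rc=1 ;;
        *[!0-9]*) echo "bs=$bs is not a plain byte count"; rc=1 ;;
        0*)       echo "bs=$bs must be a positive integer"; rc=1 ;;
    esac
    return $rc
}

# lint_dd_file FILE: check every non-blank line; return the number of bad lines.
lint_dd_file() {
    local file="$1" l msg n=0 bad=0
    while IFS= read -r l || [ -n "$l" ]; do
        n=$((n + 1)); [ -n "$l" ] || continue
        msg=$(check_dd_line "$l") || { bad=$((bad + 1)); echo "$file:$n: $msg"; }
    done < "$file"
    return $bad
}

# lint_demo: lint a constructed sample; the /sdcard paths are made up.
lint_demo() {
    local f rc; f=$(mktemp)
    printf '%s\n' \
        'if=/dev/block/platform/15570000.ufs/by-name/BOTA0 of=/sdcard/BOTA0.img bs=8388608' \
        'if=/dev/block/platform/15570000.ufs/by-name/BOTA0 of=/sdcard/BOTA0.img bs=8m' \
        'if=/sdcard/BOTA0.img of=/sdcard/copy.img bs=4096' > "$f"
    lint_dd_file "$f" && rc=0 || rc=$?
    rm -f "$f"; return $rc
}
```

Source the file and run lint_dd_file push_files.txt; a non-zero return is the number of lines to fix before flashing.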

See Makefile for basic process of how things work. VERY VERY IMPORTANT NOTE:

LIST OF COMMANDS

Showing the status

make log

Pulling recovery image

first edit pull_files.txt to add RECOVERY path

make pull

Pushing recovery image (flashing)

first edit push_files.txt to add RECOVERY path

Place the image you want to flash in the root directory push_images with the name matching the name in push_files.txt. This is a really dangerous function. Only do this if you know what you are doing.

make push

Pulling multi images

first edit pull_files.txt to add any/every path

make pull

Pushing multi image (flashing)

first edit pull_files.txt to add any/every path

Place the image you want to flash in the push_images/ folder in the directory with the binary. (Error? Check names and paths; see my examples.) This is a really dangerous function. Only do this if you know what you are doing.

make push

Notes

If the log gets stuck here

farm-root: [*] waiting for process to finish

try to get system-server to run a toolbox command. (Turning the lockscreen on and off seems to work for the Galaxy S7 Active and Galaxy Note 5.)

TODO

  • fix for armeabi? doesn't seem to work for this architecture right now.

Help/Sources
