├── .gitignore
├── .vscode
    └── settings.json
├── Makefile
├── README.md
├── exploit
├── gdbinit
├── ghidra_scripts
    ├── Jopperhimer.java
    └── ProcessLibandroidRuntime.java
├── include
    ├── bluetooth.h
    ├── errors.h
    ├── leak.h
    ├── libandroid_runtime_constants.h
    ├── log.h
    ├── revshell.h
    └── smash.h
├── jop_experiment
    ├── .gitignore
    ├── Android.mk
    ├── Application.mk
    └── main.cpp
├── map_experiment
    ├── .gitignore
    ├── Android.mk
    ├── Application.mk
    └── main.cpp
├── media
    ├── CFI_Crash.png
    ├── Debugging.png
    ├── Execv_Chain.png
    ├── Fork_Chain.png
    ├── JOP_Experiment.png
    ├── Libchrome_Crash.png
    ├── Map_Experiment.png
    ├── Run.png
    └── Timeout.png
├── notes
    ├── JOP_PLAN.md
    ├── memcpy_trace_negative.txt
    ├── memcpy_trace_normal.txt
    ├── possible_crash_targets.txt
    ├── possible_jop_gadgets.txt
    └── possible_leak_targets.txt
└── src
    ├── bluetooth.c
    ├── errors.c
    ├── exploit.c
    ├── leak.c
    ├── log.c
    └── smash.c

/.gitignore:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/themmokhtar/CVE-2020-0022/HEAD/.gitignore
--------------------------------------------------------------------------------

/.vscode/settings.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/themmokhtar/CVE-2020-0022/HEAD/.vscode/settings.json
--------------------------------------------------------------------------------

/Makefile:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/themmokhtar/CVE-2020-0022/HEAD/Makefile
--------------------------------------------------------------------------------

/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/themmokhtar/CVE-2020-0022/HEAD/README.md
--------------------------------------------------------------------------------

/exploit:
--------------------------------------------------------------------------------
./build/exploit.out
--------------------------------------------------------------------------------

/gdbinit:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/themmokhtar/CVE-2020-0022/HEAD/gdbinit
--------------------------------------------------------------------------------

/ghidra_scripts/Jopperhimer.java:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/themmokhtar/CVE-2020-0022/HEAD/ghidra_scripts/Jopperhimer.java
--------------------------------------------------------------------------------

/ghidra_scripts/ProcessLibandroidRuntime.java:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/themmokhtar/CVE-2020-0022/HEAD/ghidra_scripts/ProcessLibandroidRuntime.java
--------------------------------------------------------------------------------

/include/bluetooth.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/themmokhtar/CVE-2020-0022/HEAD/include/bluetooth.h
--------------------------------------------------------------------------------

/include/errors.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/themmokhtar/CVE-2020-0022/HEAD/include/errors.h
--------------------------------------------------------------------------------

/include/leak.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/themmokhtar/CVE-2020-0022/HEAD/include/leak.h
--------------------------------------------------------------------------------

/include/libandroid_runtime_constants.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/themmokhtar/CVE-2020-0022/HEAD/include/libandroid_runtime_constants.h
--------------------------------------------------------------------------------

/include/log.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/themmokhtar/CVE-2020-0022/HEAD/include/log.h
--------------------------------------------------------------------------------

/include/revshell.h:
--------------------------------------------------------------------------------

--------------------------------------------------------------------------------

/include/smash.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/themmokhtar/CVE-2020-0022/HEAD/include/smash.h
--------------------------------------------------------------------------------

/jop_experiment/.gitignore:
--------------------------------------------------------------------------------
libs/**
obj/**
--------------------------------------------------------------------------------

/jop_experiment/Android.mk:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/themmokhtar/CVE-2020-0022/HEAD/jop_experiment/Android.mk
--------------------------------------------------------------------------------

/jop_experiment/Application.mk:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/themmokhtar/CVE-2020-0022/HEAD/jop_experiment/Application.mk
--------------------------------------------------------------------------------

/jop_experiment/main.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/themmokhtar/CVE-2020-0022/HEAD/jop_experiment/main.cpp
--------------------------------------------------------------------------------

/map_experiment/.gitignore:
--------------------------------------------------------------------------------
libs/**
obj/**
--------------------------------------------------------------------------------

/map_experiment/Android.mk:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/themmokhtar/CVE-2020-0022/HEAD/map_experiment/Android.mk
--------------------------------------------------------------------------------

/map_experiment/Application.mk:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/themmokhtar/CVE-2020-0022/HEAD/map_experiment/Application.mk
--------------------------------------------------------------------------------

/map_experiment/main.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/themmokhtar/CVE-2020-0022/HEAD/map_experiment/main.cpp
--------------------------------------------------------------------------------

/media/CFI_Crash.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/themmokhtar/CVE-2020-0022/HEAD/media/CFI_Crash.png
--------------------------------------------------------------------------------

/media/Debugging.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/themmokhtar/CVE-2020-0022/HEAD/media/Debugging.png
--------------------------------------------------------------------------------

/media/Execv_Chain.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/themmokhtar/CVE-2020-0022/HEAD/media/Execv_Chain.png
--------------------------------------------------------------------------------

/media/Fork_Chain.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/themmokhtar/CVE-2020-0022/HEAD/media/Fork_Chain.png
--------------------------------------------------------------------------------

/media/JOP_Experiment.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/themmokhtar/CVE-2020-0022/HEAD/media/JOP_Experiment.png
--------------------------------------------------------------------------------

/media/Libchrome_Crash.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/themmokhtar/CVE-2020-0022/HEAD/media/Libchrome_Crash.png
--------------------------------------------------------------------------------

/media/Map_Experiment.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/themmokhtar/CVE-2020-0022/HEAD/media/Map_Experiment.png
--------------------------------------------------------------------------------

/media/Run.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/themmokhtar/CVE-2020-0022/HEAD/media/Run.png
--------------------------------------------------------------------------------

/media/Timeout.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/themmokhtar/CVE-2020-0022/HEAD/media/Timeout.png
--------------------------------------------------------------------------------

/notes/JOP_PLAN.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/themmokhtar/CVE-2020-0022/HEAD/notes/JOP_PLAN.md
--------------------------------------------------------------------------------

/notes/memcpy_trace_negative.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/themmokhtar/CVE-2020-0022/HEAD/notes/memcpy_trace_negative.txt
--------------------------------------------------------------------------------

/notes/memcpy_trace_normal.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/themmokhtar/CVE-2020-0022/HEAD/notes/memcpy_trace_normal.txt
--------------------------------------------------------------------------------

/notes/possible_crash_targets.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/themmokhtar/CVE-2020-0022/HEAD/notes/possible_crash_targets.txt
--------------------------------------------------------------------------------

/notes/possible_jop_gadgets.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/themmokhtar/CVE-2020-0022/HEAD/notes/possible_jop_gadgets.txt
--------------------------------------------------------------------------------

/notes/possible_leak_targets.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/themmokhtar/CVE-2020-0022/HEAD/notes/possible_leak_targets.txt
--------------------------------------------------------------------------------

/src/bluetooth.c:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/themmokhtar/CVE-2020-0022/HEAD/src/bluetooth.c
--------------------------------------------------------------------------------

/src/errors.c:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/themmokhtar/CVE-2020-0022/HEAD/src/errors.c
--------------------------------------------------------------------------------

/src/exploit.c:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/themmokhtar/CVE-2020-0022/HEAD/src/exploit.c
--------------------------------------------------------------------------------

/src/leak.c:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/themmokhtar/CVE-2020-0022/HEAD/src/leak.c
--------------------------------------------------------------------------------

/src/log.c:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/themmokhtar/CVE-2020-0022/HEAD/src/log.c
--------------------------------------------------------------------------------

/src/smash.c:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/themmokhtar/CVE-2020-0022/HEAD/src/smash.c
--------------------------------------------------------------------------------