Awesome
CVE-2016-5195 GoldFish 3.4
- This works on the goldfish 3.4 emulator.
- Initroot (https://alephsecurity.com/2017/06/07/initroot-moto/) has been released for my device (harpia), so I have stopped porting the exploit to my device (harpia/...).
- I have learnt a large amount from working on this project, but initroot appears to be a better option.
- goldfish/... has the files to execute this exploit on Android.
- goldfish/runme.sh has the steps to deploy and execute the exploit.
- mod_exploit/ is a kernel module that creates the exploit shellcode (see expmod.c), which is extracted by goldfish/...
- As a PoC, the exploit calls trace_printk to print some text to /sys/kernel/debug/tracing/trace; the correct trace_printk pointer for your goldfish kernel must be set in expmod.c.