DirtyPipe for Android
Dirty Pipe (CVE-2022-0847) temporary root PoC for Android.
Targets
Currently it only runs on Pixel 6 with a security patch level from 2022-02-05 to 2022-04-05. Don't use it on other devices or other versions: it will crash (reboot) them.
Dirty Pipe was finally patched in the May 2022 security update on Pixel 6.
There is a port to the Realme GT2 Pro by @rapperskull (https://github.com/polygraphene/DirtyPipe-Android/issues/12).
A certain version of the Galaxy S22 is also vulnerable, but it is not ported yet (https://github.com/polygraphene/DirtyPipe-Android/issues/3).
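As an added example that is not part of this project, the following shell script classifies a device by the security patch level it reports against the Pixel 6 window named above, so you can confirm a device is actually in scope (or already patched) before running anything. It assumes adb is on PATH and reads the standard ro.product.model and ro.build.version.security_patch properties; the sample values at the bottom are constructed, not captured from a device.

```shell
# Added example, not part of the DirtyPipe-Android project: classify a device
# by the security patch level it reports against the window the README names
# for Pixel 6 (2022-02-05 through 2022-04-05 affected; May 2022 update fixed).

# Turn a YYYY-MM-DD patch level into an integer (YYYYMMDD) so the window test
# can use plain arithmetic comparison. Prints nothing for malformed input.
level_to_int() {
    case "$1" in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) printf '%s' "$1" | sed 's/-//g' ;;
        *) ;;
    esac
}

# Prints one of: affected, patched, unsupported.
#   affected    - Pixel 6 inside the window this PoC targets
#   patched     - Pixel 6 on a later patch level (May 2022 or newer)
#   unsupported - any other model, a Pixel 6 older than the window,
#                 or an unparseable patch level (the PoC must not be run)
classify() {
    model="$1"
    n="$(level_to_int "$2")"
    if [ "$model" != "Pixel 6" ] || [ -z "$n" ]; then
        echo unsupported
    elif [ "$n" -lt 20220205 ]; then
        echo unsupported
    elif [ "$n" -le 20220405 ]; then
        echo affected
    else
        echo patched
    fi
}

# Live check over adb (assumes adb is on PATH and one device is connected).
# Only runs when invoked with --live, so the script works offline otherwise.
live_check() {
    model="$(adb shell getprop ro.product.model | tr -d '\r')"
    level="$(adb shell getprop ro.build.version.security_patch | tr -d '\r')"
    printf '%s (%s): %s\n' "$model" "$level" "$(classify "$model" "$level")"
}

if [ "${1:-}" = "--live" ]; then
    live_check
else
    # Constructed sample values, not captured from a real device.
    classify "Pixel 6" "2022-03-05"       # affected
    classify "Pixel 6" "2022-05-05"       # patched
    classify "Pixel 6 Pro" "2022-03-05"   # unsupported
fi
```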
WARNING
There is a possibility of bricking your phone by using this tool. Use it at your own risk. In particular, don't update/install Magisk from the Magisk app; it will cause a permanent brick.
How to use
- Download the binary from the release page.
- Set up adb (Android platform tools).
- Launch run.bat (for Windows) or run.sh (for Linux/Mac).
- If you get "'adb' is not recognized ..." errors, add adb to your PATH.
- If you get
- Wait several seconds (~30s) until the Magisk app is automatically installed.
- Run adb shell, then /dev/.magisk/su (or simply su) to get a root shell.
About Magisk
- Don't use the install button in the Magisk app. It will brick your phone.
- Don't reboot even if the Magisk app requests it. You will lose temporary root.
- Only root access is supported. There is no Magisk/Zygisk module support.
How to build
- Install the Android NDK.
- Set PATH so that aarch64-linux-android31-clang is found:
export PATH=$PATH:$ANDROID_NDK/toolchains/llvm/prebuilt/linux-x86_64/bin
- Run make:
$ make
How to build kernel module
- Download the Pixel 6 kernel source.
- Put the mymod directory in kernel/private/google-modules/
- Apply mymod/build-script-patch.patch to kernel/private/gs-google
- Run the build script:
# For the first build
$ LTO=thin ./build/build.sh
# For faster rebuild (skip full rebuild)
$ SKIP_MRPROPER=1 SKIP_DEFCONFIG=1 LTO=thin ./build/build.sh
Technical details
See here
Future work
- Stop using insecure telnet
- Make apk
- Install Magisk
- Add device support