Commit graph

3 commits

Author SHA1 Message Date
Zi1chs 557f760d6b Port exploit to aarch64
- Replace x86_64 shellcode/ELF in shell_elf[] with aarch64 equivalent
  (e_machine=0xb7, MOVZ/SVC instructions, syscall numbers 144/146/159/221).
- Update verify_byte() check at post-write to look for the aarch64 MOVZ
  opcode signature (0x80 0xd2) instead of the x86 (0x31 0xff).
- Update su_marker[] to match the first 8 bytes of the aarch64 shellcode.

Tested on Kali aarch64 6.19.11+kali-arm64; xfrm-ESP leg lands cleanly.
rxrpc leg is x86-only (oopses on aarch64 in flush_dcache_page).
2026-05-12 11:20:23 +07:00
V4bel eb33132154 typo 2026-05-08 03:46:07 +09:00
V4bel ea8b2efd81 init 2026-05-08 03:18:15 +09:00