Share
## https://sploitus.com/exploit?id=68F8A201-8DB7-55DE-96E5-ECCBD5DB818E
This is a PoC exploit for the Dirty Pipe vulnerability (CVE-2022-0847) on Android, specifically targeting Pixel 6 devices with a security patch level from 2022-02-05 to 2022-04-05. The exploit is designed to overwrite readable files and can't overwrite the first byte of each page (each 4096 bytes). It requires Linux 5.8 or later and has two major limitations: the offset cannot be on a page boundary, and the write cannot cross a page boundary.

The exploit process comprises two stages:

1. Hooking the init process and rewriting /vendor/bin/modprobe and vendor library.
2. Loading a kernel module to disable SELinux.

The exploit overwrites /system/lib64/libc++.so, which is used by init, and hooks the function `_ZNSt3__115basic_streambufIcNS_11char_traitsIcEEEC2Ev` in libc++. It then sends a payload via /system/lib/libldacBT_enc.so, which is mapped by libc++.

The second stage overwrites /vendor/bin/modprobe with modprobe-payload and /vendor/lib/libstagefright_soft_mp3dec.so with the content of the kernel module (mymod.ko). The