Share
## https://sploitus.com/exploit?id=6A8BC085-1A06-51AC-AC69-C0F171E7E249
This is a PoC exploit for CVE-2020-8899, a memory corruption vulnerability in the Samsung Qmage codec. The exploit targets a Samsung Galaxy Note 10+ phone running Android 10 via MMS. The exploit code is written in Python and requires the following software to be locally installed: Python 3, Netwide Assembler (nasm), and NowSMS MMS Gateway with a correctly set up modem. The script is mostly configured through the config.json file, but there are also some hardcoded values related to the libhwui.so and linker64 modules in exploit.py. The exploit uses a custom signal handler to print out a verbose AddressSanitizer-like report when a crash is encountered. The report includes the type of the exception, a symbolized call stack, disassembly of the relevant code, and CPU register values. The exploit also uses a custom allocator, libdislocator, which places each new allocation directly before the end of a memory page, facilitating more precise detection of out-of-bounds memory accesses. The loader in this repository was used by Google Project Zero to run Qmage fuzzing at scale in January 2020, resulting in the uncovering of 5218 unique crashes, including hundreds of memory corruption issues.