{"uuid": "6970afaf-1cf2-4a71-9f41-a2ebe6a075f5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-20421", "type": "published-proof-of-concept", "source": "https://t.me/crackcodes/3527", "content": "\ud83d\udd25 Bad Spin : Android Binder LPE\n\nPrivilege escalation exploit from unstrusted_app for Android Binder vulnerability (CVE-2022-20421).\n\nRun from shell:\n\n1\ufe0f\u20e3Compile the libbadspin.so library by typing make push in the src/ directory. This will also push the library to /data/local/tmp.\n\n2\ufe0f\u20e3Run adb shell.\n\n3\ufe0f\u20e3Run LD_PRELOAD=/data/local/tmp/libbadspin.so sleep 1. This will load the library and start the exploit.\n\nRun from demo app:\n\n1\ufe0f\u20e3Compile libbadspin.so by typing make push in the src/ directory. This will copy the library to the assets directory for the demo Android app.\n\n2\ufe0f\u20e3Compile the demo Android app in the app/ directory. (You might need Android Studio to do this.)\n\n3\ufe0f\u20e3Run the app and click on the \"Exploit\" button.\n\n4\ufe0f\u20e3Consume logs using: adb logcat -s BADSPIN\n\nDownload", "creation_timestamp": "2023-05-20T06:50:36.000000Z"}