sud - a su daemon for Corellium devices


sud(aemon)

What is this?

sud is a simplistic su daemon for Corellium, and maybe other, Android devices. It is older Superuser code, slightly refactored and heavily stripped down to the pure basics. Simply put, it grants su to anyone who requests it. This is not something you should run on your personal device; it is a huge security issue. However, if you want to test things or allow anything to run with root privileges, this is for you. This binary could also easily be modified to log all incoming su requests, for example as a simplistic "taint" trace or to watch which binaries use it and for what.
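As an added illustration of the logging idea above (example code, not part of the sud repository): a daemon that accepts su requests over a Unix domain socket can ask the kernel who the peer is before granting or logging anything. The `su_peer` type and both function names are this example's own; on the device the audit line would go to liblog, which the build already links.

```c
#define _GNU_SOURCE              /* struct ucred on glibc */
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Who is on the other end of a su request (this example's own type). */
struct su_peer { pid_t pid; uid_t uid; gid_t gid; char exe[256]; };

/* Fill *p from the connected AF_UNIX socket fd. SO_PEERCRED is recorded by
 * the kernel when the peer connects, so the client cannot forge it;
 * /proc/<pid>/exe then names the binary that asked for su.
 * Returns 0 on success, -1 if fd is not a connected Unix socket. */
int su_identify_peer(int fd, struct su_peer *p)
{
    struct ucred cr;
    socklen_t len = sizeof(cr);
    char path[64];

    if (getsockopt(fd, SOL_SOCKET, SO_PEERCRED, &cr, &len) < 0)
        return -1;
    p->pid = cr.pid; p->uid = cr.uid; p->gid = cr.gid;
    snprintf(path, sizeof(path), "/proc/%d/exe", (int)cr.pid);
    ssize_t n = readlink(path, p->exe, sizeof(p->exe) - 1);
    if (n < 0) { strcpy(p->exe, "?"); return 0; } /* peer gone or /proc hidden */
    p->exe[n] = '\0';
    return 0;
}

/* One audit line per request: the simple "taint trace" the README mentions. */
int su_format_audit(const struct su_peer *p, char *out, size_t outlen)
{
    return snprintf(out, outlen, "su request: pid=%d uid=%u gid=%u exe=%s",
                    (int)p->pid, (unsigned)p->uid, (unsigned)p->gid, p->exe);
}

int main(void)
{
    /* Constructed stand-in for a client connection: a socketpair whose peer is
     * this same process, so the line describes ourselves (on device: liblog). */
    int sv[2];
    struct su_peer peer;
    char line[512];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0 ||
        su_identify_peer(sv[1], &peer) < 0)
        return 1;
    su_format_audit(&peer, line, sizeof(line));
    puts(line);
    close(sv[0]); close(sv[1]);
    return 0;
}
```

Because the credentials come from the kernel rather than from anything the client sends, the log cannot be fooled by a requester claiming a different uid or program name.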

Build

Building should be rather simple: create a Makefile.local file that points to your compiler of choice (CC) and system root (SYSROOT). For most people these are located inside the Android NDK (ANDROID_NDK) directory. You can use the Makefile.local.sample in this repository as an example. Once this is done, simply run make.

[email protected]:../sud/ $ make
~/Android/Sdk/ndk/20.0.5594570/toolchains/llvm/prebuilt/linux-x86_64/bin/aarch64-linux-android24-clang -o src/daemon.o src/daemon.c -c -O2 -Wall -Wextra -I./include/ 
~/Android/Sdk/ndk/20.0.5594570/toolchains/llvm/prebuilt/linux-x86_64/bin/aarch64-linux-android24-clang -o src/pts.o src/pts.c -c -O2 -Wall -Wextra -I./include/ 
~/Android/Sdk/ndk/20.0.5594570/toolchains/llvm/prebuilt/linux-x86_64/bin/aarch64-linux-android24-clang -o src/su.o src/su.c -c -O2 -Wall -Wextra -I./include/ 
~/Android/Sdk/ndk/20.0.5594570/toolchains/llvm/prebuilt/linux-x86_64/bin/aarch64-linux-android24-clang -o bin/su src/daemon.o src/pts.o src/su.o -llog 
[email protected]:../sud/ $ ls -l bin 
total 44
-rwxrwxr-x 1 diff diff 41416 Jan 21 13:31 su

Alternatively, check the releases tab for a precompiled su binary.

Installing on Corellium Android Devices

Build the binaries in this repository following the directions in the Build section. Then, on the local machine, connect to the device via adb and push the following files:

adb push init.sud.rc /data/local/tmp/
adb push bin/su /data/local/tmp/

Then get a shell via adb and run the following commands:

su
/system/bin/mount -orw,remount /system
/vendor/bin/cp /data/local/tmp/su /system/xbin/su
/vendor/bin/chown root /system/xbin/su
/system/bin/chcon u:object_r:su_exec:s0 /system/xbin/su
/vendor/bin/chmod 06755 /system/xbin/su

/vendor/bin/cp /data/local/tmp/init.sud.rc /system/etc/init/init.sud.rc
/vendor/bin/chown root /system/etc/init/init.sud.rc
/system/bin/chcon u:object_r:system_file:s0 /system/etc/init/init.sud.rc
/vendor/bin/chmod 644 /system/etc/init/init.sud.rc

/system/bin/reboot

License

These files are a mash-up and refactor from a number of sources. We've retained both the licensing from all those files and added ourselves to any files modified. If we've somehow missed anyone from the files in the transition, please submit a pull request and we will fix it as soon as possible!

   Copyright 2020, Corellium, LLC
   Copyright 2013, Tan Chee Eng (@tan-ce)
   Copyright 2010, Adam Shanks (@ChainsDD)
   Copyright 2008, Zinx Verituse (@zinxv)
  
   Licensed under the Apache License, Version 2.0 (the "License");
   you may not use this file except in compliance with the License.
   You may obtain a copy of the License at
  
       http://www.apache.org/licenses/LICENSE-2.0
  
   Unless required by applicable law or agreed to in writing, software
   distributed under the License is distributed on an "AS IS" BASIS,
   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
   See the License for the specific language governing permissions and
   limitations under the License.
Releases: v1.1
Owner: Corellium