I'm trying to learn exploitdev for fun. While researching CVE-2023-20938 (Android binder UAF), I encountered a barrier. I need to create a binder_node in my process and get a handle for that binder_node in order to send malicious transactions. But I have no idea how to get a handle for a specific binder_node, or how to create a new binder_node and register it with the context manager in the Android kernel.
I found a GitHub repo that likely reproduces that bug, but it uses ITokenManager, and I have no idea what that is and I couldn't find any docs for it.
If you have such experience, please help me.
