Sorry, this site doesn't work properly without JavaScript.

DirtyPipe for Android - Root Exploit for Pixel 6

by Admin

on 13:42 13:47

Dirty Pipe (CVE-2022-0847) temporary root PoC for Android. Currently, this exploit run on Pixel 6 only with security patch level 2022-02-05.

Don't use on other devices or other versions. It may damage your device.
Use it at your own risk, we are not responsible for any damage caused

How to use

Download binary from release page.
Setup adb (android platform tools).
Launch run.bat (For Windows) or run.sh (For Linux/Mac)
- If you get 'adb' is not recognized ... errors, check to add adb to PATH.
You now get temporary root shell by telnet 10847

How to build

1. Install Android NDK

2. Set PATH for aarch64-linux-android31-clang

export PATH=$PATH:$ANDROID\_NDK/toolchains/llvm/prebuilt/linux-x86\_64/bin

3. Run make

$ make

How to build kernel module

Download Pixel 6 kernel source. Link
Put mymod directory on kernel/private/google-modules/
Apply mymod/build-script-patch.patch to kernel/private/gs-google
Run build script

# For the first build $ LTO=thin ./build/build.sh # For faster rebuild (skip full rebuild) $ SKIP\_MRPROPER=1 SKIP\_DEFCONFIG=1 LTO=thin ./build/build.sh

Download DirtyPipe for Android

Newer Posts Older Posts


<script type="text/javascript" src="https://www.blogger.com/static/v1/widgets/745881458-widgets.js"></script>
<script type='text/javascript'>
window['__wavt'] = 'AOuZoY6678tAQs29nnz3M9ujbGb71mCz0A:1734895412081';_WidgetManager._Init('//www.blogger.com/rearrange?blogID\x3d3163889773480073810','//tools.cyberkendra.com/2022/03/dirtypipe-for-android-root-exploit-for.html','3163889773480073810');
_WidgetManager._SetDataContext([{'name': 'blog', 'data': {'blogId': '3163889773480073810', 'title': 'Hack Tools', 'url': 'https://tools.cyberkendra.com/2022/03/dirtypipe-for-android-root-exploit-for.html', 'canonicalUrl': 'https://tools.cyberkendra.com/2022/03/dirtypipe-for-android-root-exploit-for.html', 'homepageUrl': 'https://tools.cyberkendra.com/', 'searchUrl': 'https://tools.cyberkendra.com/search', 'canonicalHomepageUrl': 'https://tools.cyberkendra.com/', 'blogspotFaviconUrl': 'https://tools.cyberkendra.com/favicon.ico', 'bloggerUrl': 'https://www.blogger.com', 'hasCustomDomain': true, 'httpsEnabled': true, 'enabledCommentProfileImages': true, 'gPlusViewType': 'FILTERED_POSTMOD', 'adultContent': false, 'analyticsAccountNumber': 'UA-43857487-1', 'encoding': 'UTF-8', 'locale': 'en-GB', 'localeUnderscoreDelimited': 'en_gb', 'languageDirection': 'ltr', 'isPrivate': false, 'isMobile': false, 'isMobileRequest': false, 'mobileClass': '', 'isPrivateBlog': false, 'isDynamicViewsAvailable': true, 'feedLinks': '\x3clink rel\x3d\x22alternate\x22 type\x3d\x22application/atom+xml\x22 title\x3d\x22Hack Tools - Atom\x22 href\x3d\x22https://tools.cyberkendra.com/feeds/posts/default\x22 /\x3e\n\x3clink rel\x3d\x22alternate\x22 type\x3d\x22application/rss+xml\x22 title\x3d\x22Hack Tools - RSS\x22 href\x3d\x22https://tools.cyberkendra.com/feeds/posts/default?alt\x3drss\x22 /\x3e\n\x3clink rel\x3d\x22service.post\x22 type\x3d\x22application/atom+xml\x22 title\x3d\x22Hack Tools - Atom\x22 href\x3d\x22https://www.blogger.com/feeds/3163889773480073810/posts/default\x22 /\x3e\n\n\x3clink rel\x3d\x22alternate\x22 type\x3d\x22application/atom+xml\x22 title\x3d\x22Hack Tools - Atom\x22 href\x3d\x22https://tools.cyberkendra.com/feeds/8435644523221572364/comments/default\x22 /\x3e\n', 'meTag': '', 'adsenseClientId': 'ca-pub-1618281995222563', 'adsenseHostId': 'ca-host-pub-1556223355139109', 'adsenseHasAds': false, 'adsenseAutoAds': false, 'boqCommentIframeForm': true, 'loginRedirectParam': '', 'view': '', 'dynamicViewsCommentsSrc': '//www.blogblog.com/dynamicviews/4224c15c4e7c9321/js/comments.js', 'dynamicViewsScriptSrc': '//www.blogblog.com/dynamicviews/361ce9cf7a112c52', 'plusOneApiSrc': 'https://apis.google.com/js/platform.js', 'disableGComments': true, 'interstitialAccepted': false, 'sharing': {'platforms': [{'name': 'Get link', 'key': 'link', 'shareMessage': 'Get link', 'target': ''}, {'name': 'Facebook', 'key': 'facebook', 'shareMessage': 'Share to Facebook', 'target': 'facebook'}, {'name': 'BlogThis!', 'key': 'blogThis', 'shareMessage': 'BlogThis!', 'target': 'blog'}, {'name': 'X', 'key': 'twitter', 'shareMessage': 'Share to X', 'target': 'twitter'}, {'name': 'Pinterest', 'key': 'pinterest', 'shareMessage': 'Share to Pinterest', 'target': 'pinterest'}, {'name': 'Email', 'key': 'email', 'shareMessage': 'Email', 'target': 'email'}], 'disableGooglePlus': true, 'googlePlusShareButtonWidth': 0, 'googlePlusBootstrap': '\x3cscript type\x3d\x22text/javascript\x22\x3ewindow.___gcfg \x3d {\x27lang\x27: \x27en_GB\x27};\x3c/script\x3e'}, 'hasCustomJumpLinkMessage': true, 'jumpLinkMessage': 'Learn more \xbb', 'pageType': 'item', 'postId': '8435644523221572364', 'postImageThumbnailUrl': 'https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEilL3x1cMBJhHqrxkEni_aQjHsxXDkXvHfm4PK6ZhK_UtFN1KsjRtQcfG2ZMUxpE93s1vJpcX1ExKd0Bc3YHlH0X8YCLN4KlS88wWZ3FaKfTCvbyWojA_j8ASGH-HXNqtmZegf3BqhVAiaMr1UUxdhy9_1iFiR8ur0hQeNiBr9sDDVNyo-EBi4tPVr0Vg/s72-w640-c-h358/screenshot1.png', 'postImageUrl': 'https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEilL3x1cMBJhHqrxkEni_aQjHsxXDkXvHfm4PK6ZhK_UtFN1KsjRtQcfG2ZMUxpE93s1vJpcX1ExKd0Bc3YHlH0X8YCLN4KlS88wWZ3FaKfTCvbyWojA_j8ASGH-HXNqtmZegf3BqhVAiaMr1UUxdhy9_1iFiR8ur0hQeNiBr9sDDVNyo-EBi4tPVr0Vg/w640-h358/screenshot1.png', 'pageName': 'DirtyPipe for Android - Root Exploit for Pixel 6', 'pageTitle': 'Hack Tools: DirtyPipe for Android - Root Exploit for Pixel 6', 'metaDescription': ''}}, {'name': 'features', 'data': {}}, {'name': 'messages', 'data': {'edit': 'Edit', 'linkCopiedToClipboard': 'Link copied to clipboard', 'ok': 'Ok', 'postLink': 'Post link'}}, {'name': 'template', 'data': {'name': 'custom', 'localizedName': 'Custom', 'isResponsive': true, 'isAlternateRendering': false, 'isCustom': true}}, {'name': 'view', 'data': {'classic': {'name': 'classic', 'url': '?view\x3dclassic'}, 'flipcard': {'name': 'flipcard', 'url': '?view\x3dflipcard'}, 'magazine': {'name': 'magazine', 'url': '?view\x3dmagazine'}, 'mosaic': {'name': 'mosaic', 'url': '?view\x3dmosaic'}, 'sidebar': {'name': 'sidebar', 'url': '?view\x3dsidebar'}, 'snapshot': {'name': 'snapshot', 'url': '?view\x3dsnapshot'}, 'timeslide': {'name': 'timeslide', 'url': '?view\x3dtimeslide'}, 'isMobile': false, 'title': 'DirtyPipe for Android - Root Exploit for Pixel 6', 'description': '', 'featuredImage': 'https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEilL3x1cMBJhHqrxkEni_aQjHsxXDkXvHfm4PK6ZhK_UtFN1KsjRtQcfG2ZMUxpE93s1vJpcX1ExKd0Bc3YHlH0X8YCLN4KlS88wWZ3FaKfTCvbyWojA_j8ASGH-HXNqtmZegf3BqhVAiaMr1UUxdhy9_1iFiR8ur0hQeNiBr9sDDVNyo-EBi4tPVr0Vg/w640-h358/screenshot1.png', 'url': 'https://tools.cyberkendra.com/2022/03/dirtypipe-for-android-root-exploit-for.html', 'type': 'item', 'isSingleItem': true, 'isMultipleItems': false, 'isError': false, 'isPage': false, 'isPost': true, 'isHomepage': false, 'isArchive': false, 'isLabelSearch': false, 'postId': 8435644523221572364}}, {'name': 'widgets', 'data': [{'title': 'JavaScript Variables', 'type': 'LinkList', 'sectionId': 'elcreative_panel_top', 'id': 'LinkList995'}, {'title': 'CSS Options', 'type': 'LinkList', 'sectionId': 'elcreative_panel_top', 'id': 'LinkList996'}, {'title': 'Custom SVG Pack (SVG Sprites)', 'type': 'HTML', 'sectionId': 'elcreative_panel_top', 'id': 'HTML994'}, {'title': 'Hack Tools (Header)', 'type': 'Header', 'sectionId': 'section_app_bar', 'id': 'Header1'}, {'title': 'Navigation Drawer Menu', 'type': 'LinkList', 'sectionId': 'section_navigation', 'id': 'LinkList999'}, {'title': 'More Menu', 'type': 'PageList', 'sectionId': 'section_navigation', 'id': 'PageList999'}, {'title': 'Blog Posts', 'type': 'Blog', 'sectionId': 'section_main_widget', 'id': 'Blog1', 'posts': [{'id': '8435644523221572364', 'title': 'DirtyPipe for Android - Root Exploit for Pixel 6', 'featuredImage': 'https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEilL3x1cMBJhHqrxkEni_aQjHsxXDkXvHfm4PK6ZhK_UtFN1KsjRtQcfG2ZMUxpE93s1vJpcX1ExKd0Bc3YHlH0X8YCLN4KlS88wWZ3FaKfTCvbyWojA_j8ASGH-HXNqtmZegf3BqhVAiaMr1UUxdhy9_1iFiR8ur0hQeNiBr9sDDVNyo-EBi4tPVr0Vg/w640-h358/screenshot1.png', 'showInlineAds': false}], 'footerBylines': [{'regionName': 'footer1', 'items': [{'name': 'author', 'label': 'by'}, {'name': 'timestamp', 'label': 'on'}, {'name': 'comments', 'label': 'Post a Comment'}, {'name': 'share', 'label': ''}]}, {'regionName': 'footer2', 'items': [{'name': 'labels', 'label': ''}]}], 'allBylineItems': [{'name': 'author', 'label': 'by'}, {'name': 'timestamp', 'label': 'on'}, {'name': 'comments', 'label': 'Post a Comment'}, {'name': 'share', 'label': ''}, {'name': 'labels', 'label': ''}]}, {'title': '', 'type': 'PopularPosts', 'sectionId': 'section_aside_widget', 'id': 'PopularPosts1', 'posts': [{'title': 'How to Make an Ultraviolet Proxy', 'id': 4136313195510303947}, {'title': 'DonPAPI : Dumping DPAPI Credential Remotely', 'id': 6420833811014774451}, {'title': 'Hamster Kombat: Auto Clicker and Desktop Version', 'id': 8917637877258325562}, {'title': 'Kali NetHunter 3.0 - Android Mobile Penetration Testing Platform', 'id': 2383422745859449491}, {'title': 'Logicytics: System Data Harvester', 'id': 1973731440007272267}, {'title': 'Mobile Verification Toolkit For Pegasus Infection', 'id': 6345311964280523725}, {'title': 'Download Burp Suite 2021.6', 'id': 7695231550087191663}]}, {'title': '', 'type': 'HTML', 'sectionId': 'section_aside_widget', 'id': 'HTML1'}, {'title': 'Custom Vanilla JavaScript', 'type': 'HTML', 'sectionId': 'elcreative_panel_bottom', 'id': 'HTML998'}, {'title': 'Custom jQuery Script', 'type': 'HTML', 'sectionId': 'elcreative_panel_bottom', 'id': 'HTML999'}, {'title': 'Contact Form', 'type': 'ContactForm', 'sectionId': 'hidden', 'id': 'ContactForm1'}]}]);
_WidgetManager._RegisterWidget('_LinkListView', new _WidgetInfo('LinkList995', 'elcreative_panel_top', document.getElementById('LinkList995'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_LinkListView', new _WidgetInfo('LinkList996', 'elcreative_panel_top', document.getElementById('LinkList996'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_HTMLView', new _WidgetInfo('HTML994', 'elcreative_panel_top', document.getElementById('HTML994'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_HeaderView', new _WidgetInfo('Header1', 'section_app_bar', document.getElementById('Header1'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_LinkListView', new _WidgetInfo('LinkList999', 'section_navigation', document.getElementById('LinkList999'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_PageListView', new _WidgetInfo('PageList999', 'section_navigation', document.getElementById('PageList999'), {'title': 'More Menu', 'links': [{'isCurrentPage': false, 'href': 'https://tools.cyberkendra.com/', 'title': 'Home'}], 'mobile': false, 'showPlaceholder': true, 'hasCurrentPage': false}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_BlogView', new _WidgetInfo('Blog1', 'section_main_widget', document.getElementById('Blog1'), {'cmtInteractionsEnabled': false}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_PopularPostsView', new _WidgetInfo('PopularPosts1', 'section_aside_widget', document.getElementById('PopularPosts1'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_HTMLView', new _WidgetInfo('HTML1', 'section_aside_widget', document.getElementById('HTML1'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_HTMLView', new _WidgetInfo('HTML998', 'elcreative_panel_bottom', document.getElementById('HTML998'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_HTMLView', new _WidgetInfo('HTML999', 'elcreative_panel_bottom', document.getElementById('HTML999'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_ContactFormView', new _WidgetInfo('ContactForm1', 'hidden', document.getElementById('ContactForm1'), {'contactFormMessageSendingMsg': 'Sending...', 'contactFormMessageSentMsg': 'Your message has been sent.', 'contactFormMessageNotSentMsg': 'Message could not be sent. Please try again later.', 'contactFormInvalidEmailMsg': 'A valid email address is required.', 'contactFormEmptyMessageMsg': 'Message field cannot be empty.', 'title': 'Contact Form', 'blogId': '3163889773480073810', 'contactFormNameMsg': 'Name', 'contactFormEmailMsg': 'Email', 'contactFormMessageMsg': 'Message', 'contactFormSendMsg': 'Send', 'contactFormToken': 'AOuZoY5WbhJ_Bu6I0m0r7brWnBt0-ellew:1734895412082', 'submitUrl': 'https://www.blogger.com/contact-form.do'}, 'displayModeFull'));
</script>
</body>