Autarch

sssnake/Autarch

Fork 0

Commit Graph

Author	SHA1	Message	Date
DigiJ	384d988ac6	Add privilege escalation exploits — CVE-2024-0044, CVE-2024-31317, GrapheneOS detection core/android_exploit.py: - detect_os_type(): identifies Stock Android vs GrapheneOS, checks bootloader, hardened_malloc, Pixel hardware, kernel version - assess_vulnerabilities(): scans device for all exploitable privilege escalation paths based on SDK version, patch level, OS type, bootloader state - exploit_cve_2024_0044(): run-as any app UID via PackageInstaller newline injection (Android 12-13, pre-Oct 2024 patch) - exploit_cve_2024_31317(): Zygote injection via hidden_api_blacklist_exemptions (Android 12-14, pre-Mar 2024 patch, NOT GrapheneOS — exec spawning blocks it) - fastboot_temp_root(): boot Magisk-patched image without flashing (unlocked BL) - cleanup_cve_2024_0044(): remove exploit traces modules/android_root.py v2.0: - 12 menu options including vulnerability assessment, OS detection, both CVEs, fastboot temp root, exploit binary deployment, and trace cleanup Vulnerability database covers: CVE-2024-0044, CVE-2024-31317, CVE-2023-6241 (Pixel GPU), CVE-2025-0072 (Mali MTE bypass), CVE-2024-53104 (Cellebrite USB) GrapheneOS-aware: detects exec spawning model, hardened_malloc, locked bootloader, stricter SELinux; blocks inapplicable exploits (CVE-2024-31317 Zygote injection) Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-03-03 14:19:50 -08:00
DigiJ	ffe47c51b5	Initial public release — AUTARCH v1.0.0 Full security platform with web dashboard, 16 Flask blueprints, 26 modules, autonomous AI agent, WebUSB hardware support, and Archon Android companion app. Includes Hash Toolkit, debug console, anti-stalkerware shield, Metasploit/RouterSploit integration, WireGuard VPN, OSINT reconnaissance, and multi-backend LLM support. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-01 03:57:32 -08:00

Author

SHA1

Message

Date

DigiJ

384d988ac6

Add privilege escalation exploits — CVE-2024-0044, CVE-2024-31317, GrapheneOS detection

core/android_exploit.py:
- detect_os_type(): identifies Stock Android vs GrapheneOS, checks bootloader,
  hardened_malloc, Pixel hardware, kernel version
- assess_vulnerabilities(): scans device for all exploitable privilege escalation
  paths based on SDK version, patch level, OS type, bootloader state
- exploit_cve_2024_0044(): run-as any app UID via PackageInstaller newline injection
  (Android 12-13, pre-Oct 2024 patch)
- exploit_cve_2024_31317(): Zygote injection via hidden_api_blacklist_exemptions
  (Android 12-14, pre-Mar 2024 patch, NOT GrapheneOS — exec spawning blocks it)
- fastboot_temp_root(): boot Magisk-patched image without flashing (unlocked BL)
- cleanup_cve_2024_0044(): remove exploit traces

modules/android_root.py v2.0:
- 12 menu options including vulnerability assessment, OS detection, both CVEs,
  fastboot temp root, exploit binary deployment, and trace cleanup

Vulnerability database covers: CVE-2024-0044, CVE-2024-31317, CVE-2023-6241
(Pixel GPU), CVE-2025-0072 (Mali MTE bypass), CVE-2024-53104 (Cellebrite USB)

GrapheneOS-aware: detects exec spawning model, hardened_malloc, locked bootloader,
stricter SELinux; blocks inapplicable exploits (CVE-2024-31317 Zygote injection)

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

2026-03-03 14:19:50 -08:00

DigiJ

ffe47c51b5

Initial public release — AUTARCH v1.0.0

Full security platform with web dashboard, 16 Flask blueprints, 26 modules,
autonomous AI agent, WebUSB hardware support, and Archon Android companion app.

Includes Hash Toolkit, debug console, anti-stalkerware shield, Metasploit/RouterSploit
integration, WireGuard VPN, OSINT reconnaissance, and multi-backend LLM support.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

2026-03-01 03:57:32 -08:00

2 Commits