3 Commits

Author SHA1 Message Date
DigiJ
57dfd8f41a Add Android 15/16 privilege escalation CVEs to vulnerability assessment

New exploit paths for current Android versions:
- CVE-2025-48543: ART runtime UAF → system UID (Android 13-16, pre-Sep 2025)
  Public PoC available. Works from malicious app — no ADB needed.
- CVE-2025-48572/48633: Framework info leak + EoP chain (Android 13-16, pre-Dec 2025)
  CISA KEV listed, confirmed in-the-wild. No public PoC yet.
- pKVM kernel bugs (CVE-2025-48623/24, CVE-2026-0027/28/37): kernel/hypervisor
  escalation from system UID. Chain: ART UAF → pKVM → full kernel root.
- avbroot + KernelSU-Next/Magisk for GKI 6.1/6.6 on Android 15/16 Pixel 9

assess_vulnerabilities() now covers Android 12 through 16 with automatic
exploit path selection based on SDK version and security patch level.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-03 14:31:42 -08:00
DigiJ
384d988ac6 Add privilege escalation exploits — CVE-2024-0044, CVE-2024-31317, GrapheneOS detection

core/android_exploit.py:
- detect_os_type(): identifies Stock Android vs GrapheneOS, checks bootloader,
  hardened_malloc, Pixel hardware, kernel version
- assess_vulnerabilities(): scans device for all exploitable privilege escalation
  paths based on SDK version, patch level, OS type, bootloader state
- exploit_cve_2024_0044(): run-as any app UID via PackageInstaller newline injection
  (Android 12-13, pre-Oct 2024 patch)
- exploit_cve_2024_31317(): Zygote injection via hidden_api_blacklist_exemptions
  (Android 12-14, pre-Mar 2024 patch, NOT GrapheneOS — exec spawning blocks it)
- fastboot_temp_root(): boot Magisk-patched image without flashing (unlocked BL)
- cleanup_cve_2024_0044(): remove exploit traces

modules/android_root.py v2.0:
- 12 menu options including vulnerability assessment, OS detection, both CVEs,
  fastboot temp root, exploit binary deployment, and trace cleanup

Vulnerability database covers: CVE-2024-0044, CVE-2024-31317, CVE-2023-6241
(Pixel GPU), CVE-2025-0072 (Mali MTE bypass), CVE-2024-53104 (Cellebrite USB)

GrapheneOS-aware: detects exec spawning model, hardened_malloc, locked bootloader,
stricter SELinux; blocks inapplicable exploits (CVE-2024-31317 Zygote injection)

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-03 14:19:50 -08:00
DigiJ
ffe47c51b5 Initial public release — AUTARCH v1.0.0

Full security platform with web dashboard, 16 Flask blueprints, 26 modules,
autonomous AI agent, WebUSB hardware support, and Archon Android companion app.

Includes Hash Toolkit, debug console, anti-stalkerware shield, Metasploit/RouterSploit
integration, WireGuard VPN, OSINT reconnaissance, and multi-backend LLM support.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-01 03:57:32 -08:00