-------------------------------------------------------------------------------- ----------- [ Android Browser 4.0.x-4.3.x remote2local exploit ] --------------- ------------------------ [ Building instructions ] ----------------------------- -------------------------------------------------------------------------------- This document explains how to build and run the Android Browser remote2local XSLT exploit. -- [ BUILDING ] The exploit build is actually a 2-stage process. First, you need to compile the C and assembly parts of the exploit and integrate them into the relevant javascript files, performing minification and obfuscation with Google Closure Compiler. This is the first part of the building process. Please note that PERFORMING THIS OPERATION IS RARELY NECESSARY! You will need to compile everything from scratch only if you need to modify low-level exploit functions. Server configuration (EDN configuration files, IP addresses, encryption keys...) is set in the EDN build process, which is faster and does not have special requirements. A precompiled and tested version of this step is provided. After the compilation is done, you will need to integrate the remote2root exploit, apk file, and set server-specific variables, in order to deploy it on the customer VPS, which is the second part of the build. This is explained in EDN_BUILD. If, however, you actually need to rebuild the whole exploit, follow the instruction in the "Building from sources" section, otherwise you can safely skip that. --- [ Building from sources ] ---- [ Dependencies ] You will need the following configured and in your PATH: * Android NDK * Android SDK headers * pyelftools (https://github.com/eliben/pyelftools) --- [ How to build ] * Edit the file src/module/jni/Android.mk and replace the SDK header file path. * Chdir to the exploit root directory and run python build.py release * The compiled exploit will be written to ./build/release --- [ How to generate the EDN package ] * After the compilation, compress all the files in ./build/release as a zip. The resulting zip file must contain no subdirectories and all files must reside at top level, e.g., android43_browser_remote.zip +- build +- exploit . . +- stylesheet.xsl * Follow the instruction in EDN_BUILD .