Need help with TiYunZong-An-Exploit-Chain-to-Remotely-Root-Modern-Android-Devices?
Click the “chat” button below for chat support from the developer who created it, or find similar developers for support.

About the developer

146 Stars 25 Forks 2 Commits 1 Opened issues

Services available


Need anything else?

Contributors list

# 272,401
1 commit


As more and more mitigations have been introduced into Android, it has become much more difficult to root modern Android devices, in particular, remotely root. This is especially true for Pixel devices as they always have the latest updates and mitigations. In this paper, we will explain why Pixel devices are challenging targets and will give an attack surface analysis of remotely compromising Android. Furthermore, we will introduce an exploit chain, code-named TiYunZong, which can be leveraged to remotely root a wide range of Qualcomm-based Android devices including Pixel Devices. The three bugs are CVE-2019-5870, CVE-2019-5877, CVE-2019-10567. We will also present an effective and stable approach to chain these three vulnerabilities for exploitation without any ROP, despite the fact that ROP is the most common technique to exploit complicated vulnerabilities. The exploit chain is the first reported oneclick remote root exploit chain on Pixel devices and won the highest reward for a single exploit chain across all Google VRP programs

We use cookies. If you continue to browse the site, you agree to the use of cookies. For more information on our use of cookies please see our Privacy Policy.