Metaphor - Stagefright with ASLR bypass.

Metaphor – Stagefright with ASLR bypass.

Metaphor’s source code is now released! The source include a PoC that generates MP4 exploits in real-time and bypassing ASLR. The PoC includes lookup tables for Nexus 5 Build LRX22C with Android 5.0.1. Server-side of the PoC include simple PHP scripts that run the exploit generator – we using XAMPP to serve gzipped MP4 files. The attack page is index.php.

The exploit generator is written in Python and used by the PHP code.

The exploit generator is written in Python and used by the PHP code.

Usage:

Source: https://github.com/NorthBit