From 85bc9aea17ca65fedec8e8b967441a84cd6a1efb Mon Sep 17 00:00:00 2001 From: Grant Hernandez Date: Tue, 15 Oct 2019 17:04:25 -0400 Subject: [PATCH] Create README.md --- README.md | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) create mode 100644 README.md diff --git a/README.md b/README.md new file mode 100644 index 0000000..fc15fae --- /dev/null +++ b/README.md 
@@ -0,0 +1,18 @@ +# qu1ckr00t +A PoC application demonstrating the power of an Android kernel arbitrary R/W (CVE-2019-2215). + +**Qu1ckR00t is a PROOF OF CONCEPT. It should NOT be used on your personal device with valuable userdata. It has only been tested on a Pixel 2. Running it on any other device / kernel will likely lead to a crash or even data loss. DO NOT install extra Magisk environment files or upgrade Magisk if prompted as this will patch boot, breaking DM-Verity on next boot likely leading to data-loss when you need to reflash.** + +No prebuilt APKs are provided to avoid people messing up their device. Build and customize it to your specific device! + +## Notes +Native binaries (Magisk + exploit) are bundled into the APK in [app/src/main/res/raw](https://github.com/grant-h/qu1ckr00t/tree/master/app/src/main/res/raw). Add or replace these with device-specific code. +The YOLO-magisk installer is at [app/src/main/res/raw/magisk_install](https://github.com/grant-h/qu1ckr00t/blob/master/app/src/main/res/raw/magisk_install) and has only been tested on a AArch64 Pixel 2 running Android Q. + +## Limitations +* Magisk was never meant to be installed without a patched boot image +* Magisk install is core-mode only +* Magisk app SU notifications don't appear to be working due to the `request` intent not making it. I manually sent it during the SU timeout window using ADB and the command: `am start -n APP_ID/a.m --user 0 -f 0x18000020 -a request --es socket SOCKET_ID`, where APP_ID is the package name of the install magisk manager and SOCKET_ID is the listening socket of the `magisk` daemon (found using `lsof | grep magisk | grep ' @'` in a root shell) + +## Related +* https://github.com/kangtastic/cve-2019-2215/blob/master/cve-2019-2215.c
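Review bot: the Notes section tells readers to add or replace the bundled native binaries in app/src/main/res/raw with device-specific code, but the README never says how those binaries are built or which device-specific parameters they depend on (the only hint is that the Magisk installer was tested on an AArch64 Pixel 2 running Android Q). Since the opening warning states that running on any other device or kernel will likely crash or lose data, the "Build and customize it to your specific device!" instruction needs a short build section naming the toolchain and the values a user must check against their own device before building, otherwise the warning is the only guidance they get. Two wording fixes in the same hunk: "a AArch64 Pixel 2" should read "an AArch64 Pixel 2", and "the package name of the install magisk manager" should read "the package name of the installed Magisk manager".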