# Metaphor

**Repository Path**: mirrors_NorthBit/Metaphor

## Basic Information

- **Project Name**: Metaphor
- **Description**: Metaphor - Stagefright with ASLR bypass
- **Primary Language**: Unknown
- **License**: GPL-3.0
- **Default Branch**: master
- **Homepage**: None
- **GVP Project**: No

## Statistics

- **Stars**: 0
- **Forks**: 0
- **Created**: 2022-01-11
- **Last Updated**: 2026-04-13

## Categories & Tags

**Categories**: Uncategorized

**Tags**: None

## README

# Metaphor
Metaphor - Stagefright with ASLR bypass
By Hanan Be'er from NorthBit Ltd.

Link to whitepaper:
https://raw.githubusercontent.com/NorthBit/Public/master/NorthBit-Metaphor.pdf

Twitter:
https://twitter.com/High_Byte

Metaphor's source code is now released!
The source include a PoC that generates MP4 exploits in real-time and bypassing ASLR.
The PoC includes lookup tables for Nexus 5 Build LRX22C with Android 5.0.1. Server-side of the PoC include simple PHP scripts that run the exploit generator - I'm using XAMPP to serve gzipped MP4 files. The attack page is index.php.

The exploit generator is written in Python and used by the PHP code.

```sh
usage: metaphor.py [-h] [-c CONFIG] -o OUTPUT {leak,rce,suicide} ...

positional arguments:
  {leak,rce,suicide}    Type of exploit to generate

optional arguments:
  -h, --help            show this help message and exit
  -c CONFIG, --config CONFIG
                        Override exploit configuration
  -o OUTPUT, --output OUTPUT
```

Credits:
To the NorthBit team
E.P. - My shining paladin, for assisting in boosting this project to achieve all the goals.