Nytro

Android exploitation primers: lifting the veil on mobile offensive security (Vol. I)

Android exploitation primers: lifting the veil on mobile offensive security (Vol. I)

Table of Contents
1 Overview
1.1 On the usefulness of information leak vulnerabilities
2 Technical Details
2.1 Motivation
2.2 Pre-4.1 information leak exploitation
2.3 Post-4.1 information leak exploitation
2.4 Building your ROP chain dynamically
2.4.1 Searching for the gadgets
2.4.2 Building the ROP chain
2.4.3 Identifying the Android version and JavaScript engine
2.5 Case study: Leveraging CVE-2010-4577
2.5.1 The bug
2.5.2 Exploitation walk-through
2.6 Mitigation
2.7 Future work
3 Closing words
3.1 Lessons learned
3.2 To mobile device and software vendors
3.3 An open letter for the exploit market
References

Download:

https://subreption.com/site_media/uploads/reports/droidleak_release.pdf
