Nytro

Android exploitation primers: lifting the veil on mobile offensive security (Vol. I)


Android exploitation primers: lifting the veil on mobile offensive security (Vol. I)

Table of Contents
1 Overview
1.1 On the usefulness of information leak vulnerabilities
2 Technical Details
2.1 Motivation
2.2 Pre-4.1 information leak exploitation
2.3 Post-4.1 information leak exploitation
2.4 Building your ROP chain dynamically
2.4.1 Searching for the gadgets
2.4.2 Building the ROP chain
2.4.3 Identifying the Android version and JavaScript engine
2.5 Case study: Leveraging CVE-2010-4577
2.5.1 The bug
2.5.2 Exploitation walk-through
2.6 Mitigation
2.7 Future work
3 Closing words
3.1 Lessons learned
3.2 To mobile device and software vendors
3.3 An open letter for the exploit market
References

Download:

https://subreption.com/site_media/uploads/reports/droidleak_release.pdf
