Skip to main content

Keith Makan

"So you are interpreters of interpreters?" - Socrates, Ion by Plato

Search This Blog

Subscribe to this blog

Follow by Email

Pages

Posts
Post Series
Vulnerability Disclosures
About me
Books
Public Disclosure Policy

Showing posts with the label Android Security

Posts

[Android Security] Attacking the Android Package Manager from the past.

Posted by Keith Makan February 15, 2018

Android Android Application Hacking Android Secure Random vulnerability Android Security Threat Modelling Android Applications

+

Get link
Facebook
Twitter
Pinterest
Email
Other Apps

About addJavascriptInterface abuse in Android Browsers

Posted by Keith Makan March 17, 2014

addJavascriptInterface Android Application Hacking Android Hacking Android Security

+

Get link
Facebook
Twitter
Pinterest
Email
Other Apps

Path Traversal Vulnerability in 'com.smartwho.SmartFileManager' 3.1.2 for Android

Posted by Keith Makan February 09, 2014

Android Application Hacking Android Application Security Android Hacking Android Security Path Traversal Vulnerability Smart File Manager

+

Get link
Facebook
Twitter
Pinterest
Email
Other Apps

Grepping for Glory : using grep to uncover Android Application Level Vulns

Posted by Keith Makan October 09, 2013

addJavascriptInterface Android Android Application Hacking Android Security SharedPreferences Threat Modelling Android Applications WebView WebViewClient

+

Get link
Facebook
Twitter
Pinterest
Email
Other Apps

More Details on the Android JCA PRNG Flaw

Posted by Keith Makan August 26, 2013

Android Android Application Hacking Android Secure Random vulnerability Android Security Bitcoin PRNG Pseudo Random number security

+

Get link
Facebook
Twitter
Pinterest
Email
Other Apps

Popular Posts (Last Year)

Introduction to the ELF Format (Part VI) : The Symbol Table and Relocations (Part 1)

This post is part of a series on the ELF format, if you haven't checked out the other parts of the series here they are:

(Part I) : ELF Header https://blog.k3170makan.com/2018/09/introduction-to-elf-format-elf-header.html (Part II) : Program Headers https://blog.k3170makan.com/2018/09/introduction-to-elf-format-part-ii.html (Part III) : Section Header Table https://blog.k3170makan.com/2018/09/introduction-to-elf-file-format-part.html (Part IV) : Section Types and Special Sections https://blog.k3170makan.com/2018/10/introduction-to-elf-format-part-iv.html(Part V) : C Start up https://blog.k3170makan.com/2018/10/introduction-to-elf-format-part-v.htmlthis
In this and the next post I'm going to explore how Elf files manage to pull off the magic of symbol resolution as well as the format, offsets and records in the Elf that represent this information. There are many facets to this mechanism in the format, and before I get into each of them I'd like to provide a gentle intro …

Introduction to the ELF Format : The ELF Header (Part I)

ELF Files are charged with using their magic to perform two holy tasks in the linux universe. The first being to tell the kernel where to place stuff in memory from the ELF file on disk as well as providing ways to invoke the dynamic loaders functions and maybe even help out with some debugging information. Essentially speaking its telling the kernel where to put it in memory and also the plethora of tools that interpret the file where all the data structures are that hold useful information for making sense of the file. Anyway that's as far as I've figured it out - the actual break down is a little less simple.

I'll demonstrate why this is so here and over the next series of posts in the classic "Learn things by breaking them" style.
ELF Header and Identification fields The first thing that appears in an ELF file is of course the header, which is like most things in file formats just a list of offsets in the file. Its purpose is to indicate essentially what kin…

Introduction to the ELF Format (Part V) : Understanding C start up .init_array and .fini_array sections

This post is part of a series on the ELF format, if you haven't checked out the other parts of the series here they are:

(Part I) : ELF Header https://blog.k3170makan.com/2018/09/introduction-to-elf-format-elf-header.html (Part II) : Program Headers https://blog.k3170makan.com/2018/09/introduction-to-elf-format-part-ii.html (Part III) : Section Header Table https://blog.k3170makan.com/2018/09/introduction-to-elf-file-format-part.html (Part IV) : Section Types and Special Sections https://blog.k3170makan.com/2018/10/introduction-to-elf-format-part-iv.htmlthis
In this post I'm going to cover how some of the aspects of C start up and mess around with the .init_array and .fini_array sections to show how they work.

C Start Up
So something must happen to get your code in the main function running. This process is called the C start up and it essentially involves running all the initialize code, setting up pointers to some important arrays and then branching over to main.

What the…

Introduction to the ELF Format Part II : Understanding Program Headers

Welcome back folks! In the previous post I covered pretty much the most trivial parts of the ELF file format. In this post we are actually going to work with one of the most interesting mechanisms in the file - the program headers! I skipped some parts of the ELF header in the previous post and decided to cover them here specifically because they inform on the Program Headers anyway. Lets get started!
Introduction : What are Program Headers?
I mentioned in part 1 that the ELF format performs two tasks. A recipe for how to sublimate dead files into living processes and adds the bells and whistles needed to make the file look pretty to gdb, the dynamic loader and a bunch of other tools. Program Headers (among other functions) are more often for telling the memory loader where to put stuff. It also has some house keeping functions.

We'll get into how these memory loading powers and formats work a little later for now its just important to keep in mind a good idea of what to expect …

[Reverse Engineering Primer] Unpacking cramfs firmware file systems

Reverse engineering firmware from the point of view of an attacker involves levering as much as possible what is accessible from the physical board. Of course the classic question this strives to answer is, if someone gets hold of my board what could go wrong? Reverse engineering some devices in the wild often exposes security keys, default passwords and other forms of security failures that can expose an unfair escalation of privilege or perhaps also allow a complete take over of the device right down to boot loader level - all of this sometimes also possibly learned by analyzing the firmware.

I'm going to talk about some of the more basic skill in getting toward exposing the code and other sensitive artifacts used by the device. Before you can find remote code execs and admin auth by pass vulns you need to get to grips with firmware image formats and embedded file systems.

Setting up the environment
Before getting super in depth and writing our own file format parsers, machine …

Glibc Heap Exploitation Basics : ptmalloc2 internals (Part 3) : The Main Arena

Hi folks, this post is part of a series in which I try to explore the internals of glibc's implementation ptmalloc2 which is used for managing heap memory. In this post I'm going to specifically pay attention to the main_arena and the malloc_state structure, which is used to store some important pointers for searching heap memory.
The main arena The heap bakes the main_arena struct right into process memory. Its a struct of the type malloc_state and holds the following fields (extract from glibc-2.23/malloc/malloc.c):

1686 struct malloc_state
1687 {
1688 /* Serialize access. */
1689 mutex_t mutex;
1690
1691 /* Flags (formerly in max_fast). */
1692 int flags;
1693
1694 /* Fastbins */
1695 mfastbinptr fastbinsY[NFASTBINS];
1696
1697 /* Base of the topmost chunk -- not otherwise kept in a bin */
1698 mchunkptr top;
1699
1700 /* The remainder from the most recent split of a small request */
1701 mchunkptr last_remainder;
1702
1703 /* Normal bins packed as de…

[Symbolic Execution 0x0] Solving easy CTFs with Angr and Symbolic Execution

Hi folks, I just learned a couple nifty tricks with angr, a popular symbolic execution framework with a very slick python front end. Turns out this tool makes solving the odd crack me CTF extremely easy, I've been porting the same script around for a number of CTF challenges and it's knocking em down like nobody's business. So in the following post I'm going to give you folks a quick crash course in using the tool and show you how easy it is to solve a sample crack me.

What is Symbolic Execution
Without going into full academic detail symbolic execution is essentially hard proof that all the algebra you learned in high school is kinda nifty. Symbolic Execution engines model a program's behavior based on the inputs they are given. These engines (which may vary in their approach) operate by building a database of algebraic statements about a program, sweeping up all the possible assignments and comparisons that may result in a concrete state, after which you are the…

Archive

2020 2
- June 1
  - [Memory Corruption Bugs] Lftp Null pointer derefer...
- April 1

2019 6
- December 2
- June 1
- March 2
- January 1
2018 26
- December 1
- November 2
- October 5
- September 3
- August 1
- July 1
- June 2
- May 4
- February 4
- January 3
2017 19
- December 3
- November 2
- October 3
- September 6
- August 2
- July 1
- April 2
2016 3
- September 2
- February 1
2015 2
- July 2
2014 7
2013 10
- October 3
- August 4
- May 1
- March 1
- January 1
2012 23
- December 6
- October 1
- July 2
- June 1
- April 2
- March 1
- January 10

Show more Show less

Labels

About.me
addJavascriptInterface
Adult Swim
AI.
Alan Turing
Altcoin
Androguard
Android
Android Application Hacking
Android Application Security

Show more Show less

Report Abuse

Powered by Blogger

Keith Makan