Posts

Padding Oracle Attacks: The other padding that killed your secret key

Hi folks! In this post I'd like to talk about something that's pretty old but still crops up every now and then (example). I know for most folks this is nothing new, but I'd still like to have a post about this attack in my archive and also deliver a good explanation of the attack in a way that makes it easier for more people to understand (I know for newcomers this attack can be a bit of a mind-bending exercise :P). Also, if you want to be a total infosec / crypto hipster you can refuse to call it a padding oracle attack and call it by its eponym "the Vaudenay attack", paying homage to the inventor Serge Vaudenay :)

Update: The next post is a more practical explanation of this attack :)


Automated DEX Decompilation using Androguard part II: Dex2Java

The next post in the Androguard tutorial series (by the way, here's part one). Here we are going to see how to construct a novel script that decompiles an APK into full Java code using Androguard and Python.

Working from the previous post about decompiling a dex file into Dalvik bytecode (which is actually little more than purely interpreting the contents of the Dex file -__-), we're going to use Androguard here to take the analysis one step further, actually producing readable Java code! With one or two caveats (like import statements :P).


Automated DEX Decompilation using Androguard

Hey guys, it's been a while since my last post and my blog is beginning to gather dust. So I thought I would drop a couple of posts about some new stuff I've been trying and learning. This post is about Androguard and how to write a simple Python script that dumps decompiled Dalvik bytecode from an Android APK.


About addJavascriptInterface abuse in Android Browsers

So I started out writing this post like most of the other posts I've been writing this year, just another rash vulnerability disclosure, but I decided to turn it into more of a discussion about the addJavascriptInterface vulnerability.

I base my discussions here on some vulnerabilities I've found in various Android Browser apps. I'm going to specifically talk about some novel methods I used to enumerate Browser applications using JavaScript bridges insecurely. Obviously, in finding out how to detail the existence of the vulnerability you will also learn how to protect your applications from the discussed exploitation methods.


Path Traversal Vulnerability in OI File Manager for Android

# Disclosure Date: 12/02/2014
# Author: Keith Makan
# Vendor or Software Link: org.openintents.filemanager
# Version: 2.0.5
# Tested on: Android 3.2.1 (HTC Flyer)
# Tools: Drozer, Bash


Path Traversal Vulnerability in 'com.smartwho.SmartFileManager' 3.1.2 for Android

# Disclosure Date: 30/01/2014
# Author: Keith Makan
# Vendor or Software Link: com.smartwho.SmartFileManager
# Version: 3.1.2
# Tested on: Android 3.2.1 (HTC Flyer)
# Tools: Drozer, Bash


Critical Information Leakage Vulnerabilities in 'Next Browser' 1.16 for Android

# Disclosure Date: 30/01/2014
# Author: Keith Makan
# Vendor or Software Link: https://play.google.com/store/apps/details?id=com.jiubang.browser&hl=en
# Version: 1.16
# Tested on: Android 3.2.1 (HTC Flyer)
# Tools: Drozer, Bash
