Conferences
SummerCon July, Brooklyn, NY. THE FIREWALL ANDROID DESERVES: A CONTEXT-AWARE KERNEL MESSAGE FILTER AND MODIFIER by DAVID WU.
Defcon August, Las Vegas.
SITCH - Inexpensive, Coordinated GSM Anomaly Detection by ashmastaflash.
A Journey Through Exploit Mitigation Techniques in iOS by Max Bazaliy.
Stumping the Mobile Chipset by Adam Donenfeld.
How to Do it Wrong: Smartphone Antivirus and Security Applications Under Fire by Stephan Huber and Siegfried Rasthofer.
Discovering and Triangulating Rogue Cell Towers by JusticeBeaver (Eric Escobar).
Samsung Pay: Tokenized Numbers, Flaws and Issues by Salvador Mendoza.
Attacking BaseStations - an Odyssey through a Telco's Network by Henrik Schmidt and Brian Butterly.
Forcing a Targeted LTE Cellphone into an Unsafe Network by Haoqi Shan and Wanqiao Zhang.
Another month has passed and I'm super late again on this blog post.
HushCon EAST badges were super awesome (picture below); I did some hacking on them with Trammell Hudson: Hushcon 2016 pagers.
The wait is over, here is the final blog post including source code on Qualcomm's TrustZone: Extracting Qualcomm's KeyMaster Keys - Breaking Android Full Disk Encryption. Source: extractKeyMaster
The Android Security Bulletin July 2016 fixes a really large number of bugs, including a Remote code execution vulnerability in Bluetooth and Remote code execution vulnerability in OpenSSL & BoringSSL. It is really good to see stuff being fixed and talked about in the open.
Summary on Pokemon GO's permission to your Google Account by the guys from Trail of Bits.
Links
Breaking Band: reverse engineering and exploiting the Shannon baseband (slides from Recon 2016)
Vodafone Global Infrastructure Map
VIDEO: Forcing A Targeted LTE Cellphone Into An Eavesdropping Network
Android changes for NDK developers
Need Android APK samples? `wget -r http://dlapk.etcandroid.com/apk/` and wait a few hours... Or until two people do it and server melts... (via @timstrazz)
Android Anti-Hooking Techniques in Java
Tools for analyzing hexagon code
Hacking Team / Crisis Android samples
HARDWARE-ASSISTED ROOTKITS & INSTRUMENTATION: ARM Edition slides from recon 2016
GODLESS Mobile Malware Uses Multiple Exploits to Root Devices
Silent OS 3.0 adds cellular IDS for weak nw encryption. via @raviborgaonkar
Most mobile apps dedicate at least 10% of their traffic to online tracking via @narseo
Strongdb is a gdb plugin written in Python to help with debugging Android native programs. The main code uses the gdb Python API.
Accessing local variables in ProGuarded Android apps
GOOGLE'S ANDROID REWARDS PROGRAM PAYS OUT HALF MILLION IN FIRST YEAR
This is an all-in-one Java deobfuscator which will deobfuscate code obfuscated by most obfuscators available on the market.
Listening through a Vibration Motor paper
Fingerprint Unlock Security: iOS vs. Google Android (Part I)
Fingerprint Unlock Security: iOS vs. Google Android (Part II)
A cross-platform protocol library to communicate with iOS devices.
Android Anti-Emulator, originally presented at HitCon 2013: "Dex Education 201: Anti-Emulation"
An Online Analysis System for Packed Android Malware
Android Trojan "Hellfire" modified system binaries, boot image, init.rc, SE policy rules, dm_verify, etc. via @claud_xiao
recover deleted information from sqlite files.
TrustZone Kernel Privilege Escalation (CVE-2016-2431)
A dynamic binary instrumentation kit targeting on Android(Lollipop) 5.0 and above.
(In-) Security of Security Applications paper
Hacking smartphones via voice commands hidden in YouTube videos
Bugs in BMWs ConnectedDrive (exploitable via SMS) (German)
Remote Code Execution in Xiaomi MIUI Analytics
Breaking Into the KeyStore: A Practical Forgery Attack Against Android KeyStore (paper)
A Way of Breaking Chrome's Sandbox in Android (slides)
Changes to Trusted Certificate Authorities in Android Nougat
Introducing OpenCellular: An open source wireless access platform (base station)
Android Kernel CVE POCs CVE-2016-3797
Android Kernel CVE POCs CVE-2016-3794
Proof of concept XOR canary support for LLVM
Advanced Android Root: How To Bypass PXN (slides)
PoC for CVE-2016-2434
From HummingBad to Worse NEW DETAILS AND AN IN-DEPTH ANALYSIS OF THE HUMMINGBAD ANDROID MALWARE CAMPAIGN (paper)
This Android Hacking Group is making $500,000 per day
open source 3gpp lte implementation
Lawsuit reveals Silent Circle's Blackphone business is a complete and utter mess
DIFFDroid: Dynamic Analysis for Android
Inside SafetyNet - part 2