Sayfer Blog
Blog about security, malware and how to make our internet Sayfer.
- We Found a Pre-Released WhatsApp FeatureApril 21, 2021
While researching WhatsApp web for a project that we’ll write about soon, we accidentally found that WhatsApp has a feature flag for a hidden feature – one that allows users to change the playback rate of voice messages. Broken Behavior One of our research tools allows us to change the playback rate ... - 3 Vulnerabilities in Kaspersky-backed TinyCheckFebruary 11, 2021
In our latest research, we found 3 different vulnerabilities in TinyCheck, an open-source tool developed and published by Félix Aimé, one of Kaspersky’s GReAT experts. Each one of the vulnerabilities has a high severity by itself. Once combined into a chain, a remote attacker could exploit it to get an ... - Fuzzing Part 2 – Fuzzing with AFLFebruary 2, 2021
As I wrote in the last chapter, in this article I will only explain how to fuzz when there’s access to the source code using AFL. To demonstrate, I took an old open-source program that I found on GitHub called ccalc. As the name suggests, it is a simple calculator ... - Fuzzing Part 1: The TheoryJanuary 28, 2021Fuzzing First of all, what is fuzzing exactly? When we fuzz test a program or function that receives input (any type of input), we try different combinations of input until we get a crush or another desired result (frequently memory leaks). When a program doesn’t sanitize its input properly, malformed or ...
- Detecting Dynamic Loading in Android Applications With /proc/mapsNovember 4, 2020
TL;DR: Through dynamic loading, malware authors can covertly load malicious code into their application in order to avoid detection. We can detect such loading through the application’s /proc//maps kernel generated file.Recently, we created a simple script that allows us to detect dynamic loading in Android apps. This presented us with ... - A Technical Analysis of the 4k Facebook ScamSeptember 15, 2020
tl;dr: Don’t trust webview logins on native apps, they can read your cookies and use them to their advantage. Following the Hacker News thread “How I lost €4k in a Facebook scam“, we reverse engineered the app to see how this happens. The new phishing wave Phishing. We all know it, we ... - Android Firmware Exploitation – Unsigned Firmware in Samsung’s SoC CVE-2020-10831September 1, 2020
TL;DR We will explain how we exploited Android firmware using an undocumented kernel API that was found by reverse-engineering Samsung’s “Hidden Factory Settings” app.This API permits flashing unsigned firmware of Samsung’s touchscreen firmware.The CVE affects all Samsung S7-S10 series using exynos chipset. Inspiration After reading project zero’s great article about exploiting WiFi firmware ... - Tracing Android Applications With Termux and Linux UtilitiesJune 6, 2020
The following article will demonstrate how to use “old fashioned” Linux utilities and Termux to trace Android apps. We’ll use Termux linux VM inside an Android device in order to install common Linux utils alongside Android Apps. The main tools we will use are: Strace Jtrace Inotifywatch *Rooted device is needed What is Termux Termux is a terminal ... - Debugging 3rd Party Android AppsApril 2, 2020
While reverse engineer Android apps it’s relatively common to perform dynamic analysis in conjunction to static analysis in order to gain runtime information of the app. There are many ways to get this information from 3rd party apps Use Frida hooks to print function arguments Patch the app to be debuggable Patch the app ... - Proxy in Android – Using MITM & ProxyDroidFebruary 3, 2020
Network anlysis is common need when analyzing Android Apps. In this article we will exmaine two tools to use as proxy in Android devices – MITM Proxy and Proxy Droid What is MITM Proxy for Android Mitmproxy is a powerful python tool that allows you to capture ingoing and outgoing HTTP or ...
