There is no excerpt because this is a protected post.
TL;DR: Through dynamic loading, malware authors can covertly load malicious code into their application in order to avoid detection. We can detect such loading through the application’s /proc/[PID]/maps kernel generated file.Recently, we created a simple script that allows us to detect dynamic loading in Android apps. This presented us with a good opportunity to discuss […]
TL;DR We will explain how we exploited Android firmware using an undocumented kernel API that was found by reverse-engineering Samsung’s “Hidden Factory Settings” app.This API permits flashing unsigned firmware of Samsung’s touchscreen firmware.The CVE affects all Samsung S7-S10 series using exynos chipset. Inspiration After reading project zero’s great article about exploiting WiFi firmware to gain […]
The following article will demonstrate how to use “old fashioned” Linux utilities and Termux to trace Android apps. We’ll use Termux linux VM inside an Android device in order to install common Linux utils alongside Android Apps. The main tools we will use are: Strace Jtrace Inotifywatch *Rooted device is needed What is Termux Termux […]
While reverse engineer Android apps it’s relatively common to perform dynamic analysis in conjunction to static analysis in order to gain runtime information of the app. There are many ways to get this information from 3rd party apps Use Frida hooks to print function arguments Patch the app to be debuggable Patch the app to […]
Network anlysis is common need when analyzing Android Apps. In this article we will exmaine two tools to use as proxy in Android devices – MITM Proxy and Proxy Droid What is MITM Proxy for Android Mitmproxy is a powerful python tool that allows you to capture ingoing and outgoing HTTP or HTTPS data from […]
Overview Why to use ByteCode-viewer for malware analysis? Bytecode viewer is a decompiler whose most relevant feature for malware analysis is the ability to decompile using six different decompilers. In addition, the bytecode viewer is also able to compile and edit code. When to use ByteCode-Viewer ? As we all know every standalone decompiler fails […]