  1. Android Native API Hooking with Library Injection and ELF Introspection.

    This post can be considered both part 2 of the previous "Dynamically inject a shared library into a running process on Android/ARM" and a proof of concept of it, namely of what can be done with library injection on Android. TL;DR I've updated the source code of…

    on hooking api hooking library android injection elf relocation arm elf open dalvik plt relocation relocation table symtab strtab

  2. Using ARM Inline Assembly and Naked Functions to fool Disassemblers

    In this post I want to share a simple trick I learned a while ago; it's nothing special, but if you think about it, it's quite nice :) Sometimes we want to obfuscate/hide strings in our program to make reversing more difficult, and the more common approach is to encrypt…

    on hack ida arm assembly naked functions inline inline assembly disassembler hopper objdump trick

  3. Dynamically inject a shared library into a running process on Android/ARM

    If you're familiar with Windows runtime code injection, you probably know the great API CreateRemoteThread, which lets us force an arbitrary running process to call LoadLibrary and load a DLL into its address space. This technique, called DLL Injection, is often used to perform user space API hooking; you can…

    on hooking api hooking library android injection ptrace remote injection library injection arm elf registers

  4. Fuzzing with AFL-Fuzz, a Practical Example ( AFL vs binutils )

    It's been a few weeks since I started playing with afl-fuzz ( american fuzzy lop ), a great tool from lcamtuf which uses binary instrumentation to create edge cases for a given piece of software. The description on the website is: American fuzzy lop is a security-oriented fuzzer that employs a novel type of compile-time instrumentation…

    on exploit afl fuzzing lcamtuf fuzzer binary instrumentation gcc clang qemu llvm crash american fuzzy lop

  5. SuperFish AdWare found inside X-Notifier browser extension code.

    You have probably already heard about SuperFish around the web, an adware that Lenovo pre-installed on its computers since mid-2014. The danger does not reside in the adware itself, which basically just injects some advertisements into user web searches, but in the fact that, in order to handle HTTPS search engines…

    on malware adware superfish chrome xnotifier x-notifier extension browser inject adv

  6. RuberTooth - A complete Ruby porting of the ubertooth libraries and utilities.

    Today my ubertooth finally arrived and I immediately started hacking with it. I installed its libraries and tools both on OS X and on my Linux virtual machine, and after a while I noticed a few things: the compilation process is not well documented for newer versions of OS X,…

    on hack library BLE bluetooth low energy bluetooth ubertooth rubertooth ruby gem porting