Android greybox fuzzing with AFL++ Frida mode

This article is about greybox fuzzing of userland targets that can be encountered in Android using AFL++ and its Frida mode. We also discuss how to target JNI functions, to test the native features invoked by Java code.

more ...

Attacking Titan M with Only One Byte

Following our presentation at Black Hat USA, in this blog post we provide some details on CVE-2022-20233, the latest vulnerability we found on Titan M, and how we exploited it to obtain code execution on the chip.

more ...

Commit Level Vulnerability Dataset

In this blog post, we present a new vulnerability dataset composed of thousands of vulnerabilities aimed at helping security practitioners to develop, test and enhance their tools. Unlike others, this dataset contains both the vulnerable and fixed states with source data.

more ...

Smali the Parseltongue Language

When analyzing an Android application, we often end up playing with the Smali intermediate representation... Way more human readable than the binary DEX code itself, but still not that user friendly. This blog post gives some guidelines on how to read Smali, and start writing you own Smali code!

more ...

Extending Emuroot: support for Android 10 & 11

A quick introduction to Android Emuroot, a Python script that allows to get root privileges on the fly on an Android Virtual Device (AVD). It explains the reverse engineering steps needed for the script to work with recent AVDs and provides a preview of specific Linux kernel structures in memory.

more ...

QBDI 0.8.0

This blog post introduces the release 0.8.0 of QBDI.

more ...

Why are Frida and QBDI a Great Blend on Android?

This blog post dives into how to get a better understanding of an Android native function by taking full advantage of both Frida and QBDI.

more ...

A Deep Dive Into Samsung's TrustZone (Part 3)

This third article from the Samsung's TrustZone series details some vulnerabilities that were found and how they were exploited to obtain code execution in EL3.

more ...

CVE-2020-0069: Autopsy of the Most Stable MediaTek Rootkit

In March 2020, Google patched a critical vulnerability affecting many MediaTek based devices. This vulnerability had been known by MediaTek since April 2019, and later exploited in the wild! In this post, we give some details about this vulnerability and see how we can use it to achieve kernel memory reads and writes.

more ...

A Deep Dive Into Samsung's TrustZone (Part 2)

In this second blog post of our series on Samsung's TrustZone, we present the various tools that we have developed during our research to help us reverse engineer and exploit Trusted Applications as well as Secure Drivers.

more ...