WE ARE MOVED
Due to a new project our web presence has moved. >>>> https://androidreverse.org/ <<<<<
Android DoS – Parcel.java – OOM BUG/EXPLOIT

This bug can crash most of the Android services on devices running Android 10, 11, 12, 13 and maybe more.

APK Download & Sources
The demo app can be downloaded via GitHub or direct link.

Introduction
This bug can be reproduced by any app that has been installed on a targeted device. This is […]

Reverse Engineering of the Anubis Malware - “pandemistek” – intended for the Turkish market

1. ABSTRACT
This work includes an analysis of the Anubis malware variant pandemidestek discovered on 12.06.2020.

SHA256: 231d970ea3195b3ba3e11e390b6def78a1c8eb5f0a8b7dccc0b4ec4aee9292ec
Name: pandemidestek.apk
Virustotal: https://www.virustotal.com/gui/file/231d970ea3195b3ba3e11e390b6def78a1c8eb5f0a8b7dccc0b4ec4aee9292ec/detection
Source: https://dosya.org/f.php?h=0G8rhXAJ&d=1
GitHub: https://github.com/ChickenHook/Anubis-pandemidestek

In December 2016 the article “Android BOT from scratch” was published, in which the source code of a new Android banking trojan was shared. The first malware based on this code was spotted […]

BinderFuzzy

Pentest Android Services
An app intended for fuzzing the Binder interface and system services of Android. You can use this project to find bugs and exploits inside the Binder interface or system services.

Description
BinderFuzzy is a fuzzer that can generate binder events in order to pentest system services running on the Android […]

Bypass AndroidManifest <activity> tag

The process below shows how to start an Activity that is not registered in the AndroidManifest.xml (https://developer.android.com/guide/topics/manifest/activity-element).

The Default Process
Let’s say we have two Activities and call them Activity A and Activity B. In our scenario Activity A is going to start Activity B via Activity.startActivity(…). This call will invoke Instrumentation.execStartActivity(…) followed by IActivityTaskManager.startActivity(…). […]

StartFlag temporary DoS Exploit

Introduction
The ActivityManagerService (https://androidreverse.wordpress.com/2018/03/11/aosp-activitymanager-and-activitymanagerservice/) is a component of Android that manages the running applications, non-system services, ContentProviders and much more. The StartFlag DoS Exploit sends a manipulated startActivity event telling it to start another application in “native debugging” mode (in our test we use the PermissionGrant Activity, which is marked as “not debuggable”). A bug in […]

Android API restriction bypass for all Android Versions

Bypass Reflection restrictions
Since API level 28 Android forbids access to some hidden API functions (see: https://developer.android.com/distribute/best-practices/develop/restrictions-non-sdk-interfaces). Many of the functions required by the PoC are blacklisted and threw exceptions when we tried to access them via the Reflection API.

Bypass prior to API 30
With API level 30 this feature got more hardened by […]

Why security library’s only won’t help 😦

Hello, today we reviewed a new Android app where you can see some strange management decisions. The app has some security-relevant content, so it makes sense to invest some money. A first look at the app showed that their code was written in Kotlin and they have a native library. By scrolling through their smali […]

[AOSP] ActivityManager and ActivityManagerService

The Android operating system consists of multiple services like: AlarmManagerService, InputMethodManagerService, TrustManagerService, WindowManagerService, ServiceManager, PermissionController, SystemServer and also ActivityManagerService (see: https://android.googlesource.com/platform/frameworks/base/+/android-8.1.0_r18/services/core/java/com/android/server).

Lifecycle of ActivityManagerService

Startup
The lifecycle of ActivityManagerService begins with the following call in SystemServer.

    startBootstrapServices() {
        […]
        traceBeginAndSlog("StartActivityManager");
        mActivityManagerService = mSystemServiceManager.startService(
                ActivityManagerService.Lifecycle.class).getService();
    }

source: https://android.googlesource.com/platform/frameworks/base/+/android-8.1.0_r18/services/java/com/android/server/SystemServer.java : 510

Some of the core services also were instantiated […]