All Questions
16 questions
1 vote, 0 answers, 17 views
Trying to call different class's variable but java reflection does not work
I am trying out a challenge where the system has an app installed from which I need to extract a variable called x.
The app has a man-in-the-disk vulnerability where it calls a file in the external ...
-2 votes, 1 answer, 825 views
Access a broken screen android phone with PC [closed]
Is there a way to recover some pictures inside my phone?
(2 phones actually, Galaxy A5 and A50)
- the screen is broken
- I tried ADB, but device unauthorized
1 vote, 2 answers, 2k views
Stagefright - Exploit? - recurring requests for same files
I get these following requests from useragent "stagefright" for some mp3 files in the webfolder, the IPs happen to be unique but the file names are always repeated (around 15 files are being requested)...
0 votes, 1 answer, 46 views
Implications of leaving a system app in debug mode?
What are the possible dangers/implications of leaving a system app in debug mode, in a public OTA? Does it allow privilege escalation, by using something like run-as?
Thank you.
EDIT: A bit more ...
0 votes, 0 answers, 239 views
Running an android exploit on Emulator
I want to run this exploit cve-2014-7920-7921(from here) on Emulator. I am new to Android and after searching on google I did like this:
I compiled android source code 4.3 and then run the build.sh ...
1 vote, 0 answers, 487 views
ANDROID - How to debug system services on Android using GDB
I'm interested in security stuff and I want to start with an Android device to test this OS. I've seen that there are many exploits for Android (the most famous is the Stagefright case) and I'm also ...
4 votes, 0 answers, 763 views
Android - Implementing a means to get 'real' time in offline apps
Background
The company I work for is creating an app that collects information from various device events and sensor data.
One of the things we would like to be able to do is use time to process the ...
0 votes, 1 answer, 1k views
run a shellcode in the context of mediaserver in android
I write an exploit for a vulnerability in mediaserver in Android (CVE-2015-3864). The goal is running a shellcode with root privilege (such as kill all processes). Every step of the exploit is working as ...
1 vote, 1 answer, 2k views
how to add android drm plugin
I'm trying to add the kClearKey DRM plugin in my Android phone (LG Nexus 4). I tried the following solution, but it doesn't work for me:
1) build the kClearPlugin from source code provided by google source ...
4 votes, 2 answers, 4k views
Error: unaligned opcodes detected in executable segment
When compiling poc of CVE-2015-1528 from https://github.com/secmob/PoCForCVE-2015-1528 via ndk-build, this error appears:
[armeabi] Compile++ thumb: exploitmedia <= shellcode.cpp
/home/android/...
0 votes, 1 answer, 2k views
Stagefright - Gaining root access on Android 4.0.4 and 4.4
I've been reading some about the Stagefright exploit and I wish to know if it is possible to gain root access on an Android 4.4 or 4.0.4 device with this exploit.
The wiki page states
" allows an ...
4 votes, 1 answer, 7k views
What is the correct definition of RLIMIT_NPROC?
I'm taking a look at the implementation of the Android exploit Rage Against The Cage. The idea behind it is that it creates as many processes as necessary to reach RLIMIT_NPROC for the shell UID so ...
1 vote, 1 answer, 972 views
How can an app display a banner ad on the user's homescreen?
One of the apps on my phone is showing banner ads on my homescreen after the phone has been idle for some period of time. Touching outside of the ad hides the AdView. Take a look at the photo below:
I'...
7 votes, 1 answer, 1k views
Vulnerabilities in caching of obfuscated key? Android Licensing
I'm caching a user's authentication to whenever the Android Market Licensing ping server returns a GRANT_ACCESS pong.
Does anyone see any vulnerabilities with this strategy? I believe it is very ...
1 vote, 1 answer, 376 views
Android Native Debugging
I'm currently working on a project to investigate the security inherent with Android. A part of my project is to perform an overflow of the stack and execute a local shell.
I've created an exploitable ...