Resources

Linux Lightweight Process

  • https://en.wikipedia.org/wiki/Light-weight_process
  • https://medium.com/hungys-blog/linux-kernel-process-99629d91423c

SELinux

  • https://source.android.com/security/selinux
  • https://www.redhat.com/en/topics/linux/what-is-selinux

seccomp

  • https://lwn.net/Articles/656307/

Building Kernels

  • https://source.android.com/setup/build/building-kernels
  • https://android.googlesource.com/kernel/manifest

Linux Kernel Source Code Cross Referencer

  • https://elixir.bootlin.com/linux/v4.14.171/source

Linux Kernel Source Annotated

  • http://www.bricktou.com/

CVE-2019-2215 - Bug Report

  • https://groups.google.com/d/msg/syzkaller-bugs/QyXdgUhAF50/g-FXVo1OAwAJ
  • https://bugs.chromium.org/p/project-zero/issues/detail?id=1942

Vectored I/O

  • https://en.wikipedia.org/wiki/Vectored_I/O
  • https://www.gnu.org/software/libc/manual/html_node/Scatter_002dGather.html
  • http://man7.org/linux/man-pages/man2/readv.2.html

Exploitation

  • https://www.blackhat.com/docs/eu-16/materials/eu-16-Shen-Rooting-Every-Android-From-Extension-To-Exploitation-wp.pdf
  • https://googleprojectzero.blogspot.com/2019/11/bad-binder-android-in-wild-exploit.html
  • https://www.youtube.com/watch?v=TAwQ4ezgEIo
  • https://dayzerosec.com/posts/analyzing-androids-cve-2019-2215-dev-binder-uaf/
  • https://hernan.de/blog/2019/10/15/tailoring-cve-2019-2215-to-achieve-root/