Android kernel emulation with QEMU
We are going to try all the iterations of the Android kernel in order to understand the compatibility of the emulator. In that case, we will start working with cloudfuzz's Android kernel that works on Android 10 on the Pixel 2 XL.
repo init --depth=1 -u https://android.googlesource.com/kernel/manifest -b q-goldfish-android-goldfish-4.14-dev
repo sync -c --no-tags --no-clone-bundle -j$(nproc)
On QEMU it worked: https://fadeevab.com/build-android-kernel-and-run-on-qemu-minimal-step-by-step/…
CVE-2019-2215
We will walk through the CVE-2019-2215 Android Binder vulnerability on the goldfish emulator. Requirements: download Android Studio and extract it. Under the bin folder there is a studio.sh; we can run Android Studio by starting that script. Install the NDK and the emulator via the SDK Manager. We will use NDK 21.0.6113669. Install the Android Emulator and Android…
Chainization of Chrome RCE and LPE
We will follow this RCE write-up to re-implement it. Clone the toolkits for compiling Chrome. Add them to the PATH.
LKL (Linux Kernel library) libfuzzer
https://github.com/lkl/linux
Compile options:
export FUZZ_CXXFLAGS="-O2 -fno-omit-frame-pointer -gline-tables-only -fsanitize=address,undefined,fuzzer-no-link"
CXX="clang++ $FUZZ_CXXFLAGS" CC="clang $FUZZ_CXXFLAGS" make -C tools/lkl -j12
Makefile
Simple LKL application that starts the Linux kernel
MALI_NO_MALI
Added the Kconfig entry to the Kconfig file in "linux/drivers". Note: go for the real hardware: https://developer.arm.com/downloads/-/mali-drivers/valhall-kernel Sources: https://icecream95.gitlab.io/mali-g610-reverse-engineering-part-1.html
CVE-2022-38181 Mali Samsung S6 Lite Tablet
We flashed the Samsung tablet with the firmware that I downloaded from SAMFW -> P610XXS2CUG5. It's the Turkish version of the Samsung Galaxy S6 Lite SM-P610. I extracted the AP_** file inside the firmware and extracted the boot.img.lz4 file. Then extracted the boot img: lz4 -d boot.img.lz4. Used the bad_io_uring script to extract the kernel…
Yocto on BeagleBone Black
You must use Ubuntu 18. It won't compile on a newer distribution. Dependencies. Download Yocto. Change the machine name and run bitbake core-image-full-cmdline. Under the sources directory that we added, this is the image file that we need to flash: core-image-full-cmdline-beaglebone-yocto.wic. sudo picocom -b 115200 /dev/ttyUSB0. bitbake -c menuconfig virtual/kernel. bitbake -c savedefconfig virtual/kernel. vmlinux is…
How to compile a Yocto project for Raspberry Pi
Install dependencies. Create a folder for Yocto. Pull the Yocto project. Download the Raspberry Pi metadata. Download the metadata for OpenEmbedded. Run oe-init-build-env. Add the raspberrypi machine to local.conf. Change bblayers.conf; mine looks like this, under ./poky/build/conf/bblayers.conf. Start compilation. After the successful build you can burn the .wic file like this. You can find the…
AFL++
https://github.com/AFLplusplus/AFLplusplus/blob/stable/docs/INSTALL.md
afl-gcc-fast -fsanitize=address example.c -o example
afl-fuzz -i test -o out -M f0 ./example
For the master/slave hierarchy of AFL we can give the -M and -S flags like this:
afl-fuzz -i test -o out -M f0 ./example
afl-fuzz -i test -o out -S f1 ./example
Under our output directory, masters and slaves will each get their own subdirectory.
Process Management and Scheduling
DIFUZE Android kernel fuzzing
Pull the repo. Install dependencies. Set up DIFUZE. The end of the setup looks like this:
Corellium usage
I finally got my trial version of Corellium. The dashboard is simple. There are a lot of device options that we can select; Android or iOS versions are there as well. For the Samsung Galaxy Note 5 there is an option to select Android versions. And the phone is on.
Fuzzing Linux Kernel with syzkaller
Google's guide is sufficient to follow. At the end of the setup you need to give a config file to syzkaller. For the workdir, the $GOPATH is going to be the syzkaller path, not Go's path. For example: ./bin/syz-manager -config=my.cfg. It started to create a corpus. After a while, if we are lucky, syzkaller…
Analysis of TD-W9960 Router
Download the firmware from the official TP-Link website. The screenshot is Turkish; I'm sorry for that. With the Firmware Analysis Toolkit (FAT) it's pretty easy to extract the firmware and start fully emulating the system with QEMU. It booted up successfully. To exit QEMU, press Ctrl+A and then X. In order to run particular executables, we…
Android 11 Kernel Exploitation Workshop
Booted up an Android kernel as I mentioned here. The branch name is android11-5.4. The kernel is compiled. We used wall-of-perdition's vulnerable firewall to exploit. We ran make in the compiled kernel directory in order to compile the firewall module, and then wget and insmod. The result is that I added a rule to the firewall…
CVE-2022-2588
https://github.com/Markakd/CVE-2022-2588
CVE-2022-34918 LPE
https://github.com/randorisec/CVE-2022-34918-LPE-PoC https://randorisec.fr/crack-linux-firewall/
CVE-2022-32250 Linux Kernel Vulnerability
Install KVM by following all the steps in this URL: https://phoenixnap.com/kb/ubuntu-install-kvm. Download Ubuntu 22.04 (Jammy Jellyfish) for KVM: https://old-releases.ubuntu.com/releases/. For downgrading the kernel version we used the Mainline Kernel Installer: sudo add-apt-repository ppa:cappelikan/ppa; sudo apt install mainline. Install Linux kernel 5.15.0-051500-generic. During boot, press ESC+Shift for the GNU GRUB menu, then Advanced options for Ubuntu. Select the…
Elfloader
We will take a look at this repo: https://github.com/malisal/loaders
Debugging Linux Kernel With QEMU
Install all dependencies and libraries for compiling the Linux kernel: sudo apt install libncurses5-dev libssl-dev bison flex libelf-dev gcc make openssl libc6-dev. Clone the Linux kernel source code: git clone https://github.com/torvalds/linux.git. Right after the compilation, open the configuration menu of the kernel: cd linux; make menuconfig. Be sure those configuration options are on: CONFIG_DEBUG_INFO=y CONFIG_GDB_SCRIPTS=y…