From what I've seen, generally it's assumed that the reverse engineering was done cleanly, unless there's specific evidence to the contrary (i.e., explicitly copied code, references to leaked codebases, etc.).
This answer on StackOverflow is well-cited and goes into a lot of the US legal precedent surrounding these issues.
All that being said, if you're profiting off of the work, you've entered an entirely different risk matrix.
OC AWS IoT Core: A Compromised Device Perspective (seanpesce.blogspot.com)
I recently spent some time exploring the potential capabilities that an evil IoT device might have within an AWS IoT Core environment. This culminated in the thoughts I've transcribed in this blog post, as well as a command-line tool to help with enumeration and data harvesting during security assessments of products that...
David Attenborough narrates a cyber attack (youtu.be)
(Made for a meme in one of my group chats)
I guess my data is safe then
Desuperpacking Meta's Superpacked APKs (clearbluejar.github.io)
"Superpacking is a method of optimal binary compression developed by Meta to help reduce the size of their Android APKs. This compression for APKs makes sense for reducing network traffic required for distribution, but becomes an issue when trying to recover the original native ARM binaries for analysis. This post walks through...
No time for nonsense
Finding Gadgets for CPU Side-Channels with Static Analysis Tools (github.com)
Google researchers Jordy Zomer & Alexandra Sandulescu explain how they used CodeQL to discover Spectre-v1 gadgets in the Linux kernel.
[Megathread] /m/ReverseEngineering questions & discussion
I'm stickying this thread for minor discussions related to reverse engineering, including:...
Android SELinux Internals (8ksec.io)
"This is part 1 of a 2-part series on Android SELinux Internals where we will do a deep dive into the world of SELinux on Android and understand its inner workings, along with its functionalities and benefits. We'll discuss how SELinux provides security on Android devices and ways to bypass it."
Hardware Debugging for Reverse Engineers (wrongbaud.github.io)
A series of excellent blog posts by wrongbaud; this is must-read content for any beginner at hardware reverse engineering.
LibreOffice Arbitrary File Write (CVE-2023-1883) (secfault-security.com)
Write-up by Secfault Security
Static Analysis of C++ Virtual Tables (GCC) (hardwear.io)
CVE-2023-25136 OpenSSH Pre-Auth Double Free Writeup & DoS PoC (jfrog.com)
Day[0] Podcast (DayZeroSec) - a deeply technical podcast that covers infosec news, vulnerabilities/exploits, and per-episode "Spot the Vuln" challenges (youtube.com)
In my opinion, this is far and away the best infosec audio/video content out there (and no, I'm not affiliated in any way)....
Incredibly useful (but unheard-of) utility for iOS app reversing - a web-based app downloader/decryptor (armconverter.com)
Normally you need to use a rooted iOS device to extract a device-specific encryption key that you can use to decrypt IPAs - this web service allows anyone to obtain the decrypted app files, even if they don't own an Apple device!
One-click Open-redirect to own Samsung S22 at Pwn2Own 2022 (starlabs.sg)
"In this article, we will dive into the details of an open-redirect vulnerability discovered during the Pwn2Own 2022 event and how we exploited it on a Samsung S22 device. By breaking down the technical aspects and using code snippets, we aim to provide a comprehensive overview of this critical security flaw."
Reversing Flutter Apps: Dart’s Small Integers (cryptax.medium.com)
"This article delves into the reverse engineering of Dart executable or Flutter release applications. We focus on the reverse engineering of byte arrays."
Discovering vulnerabilities in Android permissions using a solver approach (blog.thalium.re)
"This post dives into the Android permission system and how a solver was leveraged to find new vulnerabilities. With this approach, a privilege escalation was identified, which was fixed and assigned CVE-2023-20947 by Google."
REcon 2023 slides have started uploading (cfp.recon.cx)
Just click on the schedule item(s) you're interested in, and the slides should be attached in the page for each presentation.
Turning Google Smart Speakers Into Wiretaps (downrightnifty.me)
Great article about reverse engineering Android apps, protobufs, and more.
An Introduction to the Art of Fuzzing (bushido-sec.com)
Bushido Security | "This fuzzing introduction covers all the essentials one should know about the art of fuzzing. It explains major concepts and illustrates them with hands-on exercises the reader can follow."
[x-post] How do projects like PINE64 and Asahi Linux write open-source drivers legally?
Original post: https://kbin.social/m/tech/t/57239/How-do-projects-like-PINE64-and-Asahi-Linux-write-open-source...
Exploiting null Dereferences in the Linux Kernel | Project Zero (googleprojectzero.blogspot.com)
iOS App Extraction & Analysis (datalocaltmp.github.io)
datalocaltmp discusses the basics of iOS application reversing
REUnziP: Re-Exploiting Huawei Recovery With FaultyUSB (labs.taszk.io)
Obtaining privileged execution on Huawei devices with a ToC-ToU vulnerability in the firmware recovery mechanism ZIP archive parser
React Native Android Application Reverse Engineering & Pentesting (payatu.com)
An overview of React Native application structure on Android, plus some useful information about Hermes engine bytecode/disassembly.