Building Android Sandcastles in Android's Sandbox
- Type
- Paper
- Tags
- Android
- Event
- Black Hat Abu Dhabi 2010
- Indexed on
- Mar 27, 2013
- URL
- https://media.blackhat.com/bh-ad-10/Nils/Black-Hat-AD-2010-android-sandcastle-wp.pdf
- File name
- Black-Hat-AD-2010-android-sandcastle-wp.pdf
- File size
- 492.9 KB
- MD5
- 54cc33ad0c4b0e248d273eb7b3898eaf
- SHA1
- f630676c365db668be73bb589904231677e2b953
The well-known way of breaking out of the Android sandbox is using a recent local Linux kernel exploit for privilege escalation. However, why always pick on Linus in Ring-0 when there is so much more to explore in user mode. Join me in a fascinating journey through Android's sandbox implementation with a lot of IPC endpoints, Services, Content providers, Serialisation, Permissions, Activities and much more, all scattered through multiple processes with different privilege levels. From a single point of entry we will build our majestic sandcastle in Android's sandbox, spanning multiple processes to hopefully obtain the holy grail of Android permissions: android.permission.INSTALL_PACKAGES
About us
Secdocs is a project aimed to index high-quality IT security and hacking documents. These are fetched from multiple data sources: events, conferences and generally from interwebs.
Statistics
Serving 8166 documents and 531.0 GB of hacking knowledge, indexed from 2419 authors from 163 security conferences.
Contribute
To support this site and keep it alive, you can click on the buttons below. Any help is really appreciated! This service is provided for free, but real money is needed to pay bills.
