tag: Android

The Fuzzing Guide to the Galaxy: An Attempt with Android System Services

Although the Android base is open source, many different constructors customize it with their own UIs and APIs. All these additions represent an extra attack surface that can change from one phone model to another. We tried to automatically fuzz the closed-source system services powering these modifications, discovering CVE-2022-39907 and CVE-2022-39908 along the way.

ARM TrustZone: pivoting to the secure world

  1. Discovery of two vulnerabilities in secure world components
  2. Exploitation to get code execution in a trusted driver, while not having a debugger for this obscure environment
  3. Leverage of aarch32 T32 instruction set to find nice stack pivots
  4. Turning an arbitrary write into an arbitrary code execution