sp1npx spinpx
@spinpx
spinpx / libdft.org
Last active January 11, 2024 03:24
Some improvements for libdft #TaintTracking

Some improvements for libdft

Updated in libdft64.

libdft is a taint tracking tool that is practical on commodity systems.

However, it does not support the newest Pin tool or x86-64 binaries.

We are doing some work to improve this tool, and I will open source this work after we finish it.

Checklist

@spinpx
spinpx / post.md
Last active October 23, 2017 12:48
afl_pin_mode: an instrumentation tool for AFL implemented by Intel Pin #Fuzzing

afl_pin_mode

This weekend I open sourced afl_pin_mode. The code is in spinpx/afl_pin_mode.

I will write an article here about this tool soon.

TODO

  • Why did I re-invent such a tool?
  • How to implement a forkserver in Pin
@spinpx
spinpx / android-usb-attack.org
Last active August 2, 2017 15:46
Attack USB Accessory in Android #Android #Security

Attack USB Accessory in Android

Android supports external accessories (hardware) that interact with Android-powered devices over USB. There are two main ways in Android to communicate with external hardware: ADB and AOA. However, both of them have security issues if you use them incorrectly, or even if you do not.

ADB

The traditional way of enabling communication between external hardware and Android devices is ADB (Android Debug Bridge). It is a tool that lets you communicate with an Android driver. It also lets external hardware communicate with an app in Android. For example, the app can create a TCP server, and the external hardware acts as a client that connects to the server via ADB port forwarding.

Since the TCP server is open, all the apps on the same Android device can connect to it if they know the port. Worse, if the server IP is set as “0.0.0.0”, which means it is open to everyone in the Inte

@spinpx
spinpx / tcp-reset.org
Last active March 1, 2024 17:39
TCP Reset attack in practice #Security #Network

TCP Reset attack

RESET is a flag in TCP packets that indicates the connection is no longer working. So, if either of the two participants in a TCP connection sends a packet containing the RESET flag, the connection will be closed immediately.

Thus it can be used to attack TCP connections: an attacker can forge TCP packets from either of the two parties if he or she knows their IPs, ports and the sequence number of the current TCP connection.

The attack can be used to make certain users unable to use certain TCP-based network services if we know the information above.

In practice, we should eavesdrop on the victims’ communications to get their IPs, ports and the sequence number. You can do it by:

@spinpx
spinpx / sdk-bypass.org
Last active July 30, 2017 06:34
Ways to bypass authentication in Android SDK #Android #Security

Ways to bypass authentication in Android SDK

Several Android SDKs ask the user to register a key before using them. The key might be unique to each user and used to authenticate the user. This is to track or limit the users of the SDKs, or to earn benefit from the users.

The authentication step can be in:

  • SDK
  • Server
  • Others

SDK

@spinpx
spinpx / 0doc.org
Last active November 24, 2023 15:13
Steps of setting a gollum wiki website #Ruby #Deploy

Gollum

  • install gollum
  • test gollum
gollum --host localhost --port 4483 --base-path wiki

Proxy

  • enable proxy
@spinpx
spinpx / nextEvent.org
Last active January 22, 2016 15:26
Scroll events under Javascript #JavaScript

Scroll events under JavaScript

  • Recently, I wrote a single-page site like slides. It involves some keyboard and mouse wheel events.
  • Depends on jQuery.
  • Once you have bound the events, the rest is easy: just set the margin or padding of the content area to 100%, or jump to the target anchors.

Keyboard Event

$(document).keydown(function(e) {
   var tag = e.target.tagName.toLowerCase();