what is the initialization flow process for mss8974 snapdragon? - Galaxy Note 3 Developer Discussion [Developers Onl

Greetings
I found some great content on the Snapdragon family on xda, but it did not cover the initialization flow of the platform. My goal is to learn how to interface with the TZ service, i.e. what API to use, which mode to be in to exchange traffic to and from the service, and what can be done with it. I do realize and respect the sophisticated nature of discussions here; however, other groups just do not address such questions. Currently I think I need to learn what happens within the bootloader in order to accomplish my goal. Is that true? How can I learn more about this? I unpacked the stock kernel and there is a file in there called sbl1.mbn. Is that perhaps the secondary bootloader? How do I unpack and reverse engineer it? What tool should I use?

Related

Xposed used in Android security research

Hello all,
I hope this is the right medium for this message. I am writing to inform all of you about my use of the Xposed framework in my security research on Android.
I'll start off with the abstract of the published paper and then talk a bit about the internals of the system.
Mobile Malware Exposed
The 11th ACS/IEEE International Conference on Computer Systems and Applications (AICCSA'2014)
In this paper, we propose a new method to detect malicious activities on mobile devices by examining an application’s runtime behavior. To this end, we use the Xposed framework to build a monitoring module that integrates with an intrusion detection system to generate behavior profiles for applications, which our IDS can then analyze and report on. We then use this tool to detect malicious behavior patterns using both a custom-written malware and a real one. We also detect behavior patterns for some popular applications from the Google Play Store to expose their functionality. The results show that standard techniques that are used to evade static analysis techniques are not effective against our monitoring approach. This approach can be generalized to detect unknown malware or expose exact application behavior to the user.
This was written several months ago and so is somewhat dated by now (in the smartphone timeline) but the bureaucracy of the academic world forced me to wait before I can share this. When I was writing this, there was no mention of using Xposed in such work before.
The gist of the research was using an Xposed module to generate a behavioral profile and use behavioral analysis to try and find malware on Android. A lot of behavioral analysis before used to involve modifications to the system or the applications but with Xposed, I was able to make applications "talk" to my monitoring system without any apparent modifications to the underlying source code. The behavioral profile is a direct indication of functionality in the application thus avoiding the pitfalls of static analysis in terms of encrypted, hidden and/or mutating code.
I don't want to make this post too long but I'm happy to answer any questions if anyone is interested. I also wanted to thank rovio and contributors for the work done on Xposed. I've had the pleasure of having to go through the source code of Xposed to better understand its internals and I have to say that I enjoyed reading it.

Extracting data from the chromecast

Hi all, will give you a little background of my question before going into detail.
I am studying Forensic Computing & Cyber Security, I'm in my final year and we have to create or write a program and do the appropriate research for our projects. My current project idea is to use Python to extract data from a Chromecast, whether this data just be a finite log of what devices have connected, or when they have connected; not sure what to expect yet. I am planning to use Python for this and the good people over on the r/learnpython subreddit recommended I come here to ask a few questions before I get too deep into the project. Would I be able to extract data from the Chromecast without rooting it? As if it has to be rooted it will make my project idea pretty redundant. I can't really go further until I know this, so I will carry on doing research; if you guys could give me a helping hand that would be great.

keyloggers in custom roms.

i am concerned.
i love to root my device and remove bloatware. ya. samsung devices. full of junk.
i use titanium backup but it seems to have trouble with magisk because it's systemless and not like supersu.
anyways, my concern is about custom roms that we download from these forums.
what are the odds of rom creators infecting "Keyloggers" in these roms? i mean these days we use Lastpass to enter in our master password which contains all our passwords for our emails and other sites.
as well as authy.
it's just a question.
yes. i prefer a custom rom and favor it as opposed to samsung roms.
any feedback?
@cylent
It's absolutely possible from looking at the Android Accessibility APIs:
developer.android.com/guide/topics/ui/accessibility
But, from my knowledge and testing, the key logger would need EXPLICIT access to the 'Accessibility Services'.
(Options > Settings > Accessibility) + see the attached screen shot.
If you installed a custom ROM and saw an application listed here not explicitly defined in the release notes, ensure it isn't enabled. Next query the developer as to its purposes. It's possible that just because it shows here that it isn't necessarily malicious and might serve a greater purpose.
If you receive no response or a runaround, disable it under 'Accessibility' and find the corresponding name under 'Apps' and remove it.
For that matter, dump the ROM altogether and find another immediately. I'd like to think our savvy little community would pick up on this breach of trust ASAP.
For testing purposes, mine is called 'Android Keylogger' but a malicious user could (and likely would) call it something less threatening.
Hope this helps!
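
The check described in the answer above, as an added example that is not part of the original posts: it parses the value printed by `adb shell settings get secure enabled_accessibility_services` and flags enabled services whose package is not among those the ROM's release notes document. The sample value, the package `com.example.inputhelper` and the documented set are constructed for illustration.

```python
# Added example: audit which accessibility services are enabled on a device.
# On a connected device the raw value comes from:
#   adb shell settings get secure enabled_accessibility_services
# It is a colon-separated list of component names ("package/class").


def parse_enabled_services(raw):
    """Split the setting value into (package, fully qualified class) pairs."""
    raw = raw.strip()
    if not raw or raw == "null":  # 'null' is printed when the key is unset
        return []
    services = []
    for entry in raw.split(":"):
        package, sep, cls = entry.partition("/")
        if not sep or not package or not cls:
            raise ValueError(f"not a component name: {entry!r}")
        if cls.startswith("."):  # short form: class name relative to package
            cls = package + cls
        services.append((package, cls))
    return services


def unexpected_services(raw, documented_packages):
    """Return enabled services whose package the release notes do not list."""
    return [(pkg, cls) for pkg, cls in parse_enabled_services(raw)
            if pkg not in documented_packages]


# Constructed sample value: one documented service, one undocumented one.
SAMPLE = ("com.google.android.marvin.talkback/"
          "com.google.android.marvin.talkback.TalkBackService:"
          "com.example.inputhelper/.KeyService")
# Assumption: packages the ROM's release notes explicitly mention.
DOCUMENTED = {"com.google.android.marvin.talkback"}

if __name__ == "__main__":
    for pkg, cls in unexpected_services(SAMPLE, DOCUMENTED):
        print(f"undocumented accessibility service enabled: {pkg} ({cls})")
```

Anything it reports is a candidate for the steps in the answer: disable it under Accessibility, then ask the ROM developer what it is for.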

[CLOSED]Latest approach to root the Android mobiles with Download Odin v3.09

Clarifying the root system is a hazardous producer alternative that negates the gadget's guarantee in a brief timeframe however offers more advantages. In the cutting edge mechanical local area, there are various applications to root gadgets. In the event that the necessity is to root Samsung Galaxy gadgets, there is an authority application for brilliant mobiles called Odin v3.09. This Samsung Odin streak instrument is another high-level XDA designer creation that depends on the use of Samsung Inc. The application was at first stowed away from normal clients since it was formally utilized uniquely in the influenced administration focuses to fix mistakes brought about by crashes.
Beat issues of uses, for example, boot circle and other programming mistakes. At that point download, Odin v3.09 was uncovered and now all Galaxy clients reserve the option to streak different capacities or root gadgets with the referenced Odin 3.09 application in a brief timeframe. CF Auto Root is the solitary exemption for root cell phones.
Make certain to counsel the authority guidelines for the instrument. On the off chance that the interaction is executed with wrong directions, it might offer awful habits sooner rather than later.
Back up significant documents and applicable information in the correct manner. Something else, the necessary documents will be interfered with right away.
Ensure that you have downloaded the proper application on Roots.
Wonderful info, i learned a lot of new things from here. I hope you write more about it.

Victimized23322

All,
I need help immediately. I'm not a developer or tech savvy type beyond corp correspondence and general reporting for project management. I've been hacked in the worst way by criminals I caught doing some very nasty things in my name and on my property. They used Bluetooth and Wifi/Wifi Direct to pair with everything but the toaster in my house. They are using OMADM protocol to send APKs and other apps directly into my devices with what appears to be permanent USB tethering embedded that I cannot break and every new device gets the same data dump from some cloud or text or email and renders my devices slaves. They've used everything from remote desktop services to ALL legitimate apps DL from playstore Github and other places. These are not detected by malware spyware or antivirus. They install them in the system side via OTA root. It's taken me 9 months to learn this reading bits and pieces like reading 10 books at a time two pages from each book every ten minutes then trying to understand it and apply. Law enforcement is useless. Can YOU help me??! It's cost me my house my patience and nearly my life. If you can and are willing let me know how to contact you on secure platform. I even need your help to do this securely and safely. I'll PAY. I need help. Please. These are Linux and Java code writers and app writers. They KNOW how to attack. Who out there will help? I can provide phone number, email add etc and will contact you in any way you prefer.
Hi Victimized23322
XDA is not the right platform for such a request and I'm compelled to warn our members that your request may be malicious in itself. Playing the victim is a very common practice used by phishers and con artists.
Therefore I recommend all members not to engage with @Victimized23322 about his/her problem. Any damages and/or losses resulting from engaging are entirely your own responsibility.
Thank you for understanding my concern, we have to take this into account. If what you explained is true, you need a specialized security firm that deals with these types of attacks.
