Tuesday, June 19 2012
I just uploaded my Android Dynamic Binary Instrumentation (DBI) framework. As I wrote before,
the framework is very simple. It supports hooking function entry points only. The source
includes the shared library (.so) injector and the hooking/patching functionality. I also
included one simple example instrument to sniff the UART communication between
com.android.nfc and the NFC chip on a Galaxy Nexus.
I plan to further enhance this toolset and welcome everybody to submit patches. If there
is a lot of interest, I will move the source to a public archive like GitHub.
The first release is available here: collin_android_dbi_v01.zip
To use this tool you need a Linux ARM gcc compiler such as the one included in the Android NDK.
Monday, June 11 2012
Last weekend I attended SummerCon in Brooklyn, NYC and presented my take on doing binary instrumentation on Android. My way of doing instrumentation is very simple compared with other instrumentation frameworks, but so far nobody has built and released anything for Android / ARM, so I had to build my own. Having said that, I will for sure release my framework; I just need a few days to do this! Please feel free to bug me about this!
So why did I start with binary instrumentation? Well, I wanted to continue my NFC security research on Android. Since NFC involves extra hardware, it also includes a bunch of native code, and thus I started instrumenting that. The result so far was that I built an instrument that acts as an emulation layer inside com.android.nfc. This emulation layer allows me to inject payloads of RFID tags into the nfc process as if they were read from an actual tag. This is of course built for fuzzing ;-) I haven't done any real fuzzing using this so far because I just finished the tool before SummerCon. A demo video that shows tag read emulation can be seen here: nfcemuvideo.mp4
More updates on both subjects will follow soon!
SummerCon was totally awesome, many thanks to the organizers! The conference was small enough to speak to all presenters and to many of the attendees. I met like half of the US people I follow on Twitter for the first time in person. How awesome is this!