...stuff I do and things I like...

Tuesday, June 19 2012

Android DBI Framework Source!

I just uploaded my Android Dynamic Binary Instrumentation (DBI) framework. As I wrote before the framework is very simple. It supports hooking function entry points only. The source includes the shared library (.so) injector and the hooking/patching functionality. I also included one simple example instrument to sniff the UART communication between com.android.nfc and the NFC chip on a Galaxy Nexus.

I plan to further enhance this toolset and welcome everybody to submit patches. If there is a lot of interest I will move the source to a public archive like github.

The first release is available here: collin_android_dbi_v01.zip

To use this tool you need a Linux ARM gcc compiler such as included in the Android NDK.

Monday, June 11 2012

Binary Instrumentation on Android

Last weekend I attended SummerCon in Brooklyn NYC and presented my take at doing binary instrumentation on Android. My way of doing instrumentation is very simple compared with other instrumentation frameworks but so far nobody build and released anything for Android / ARM so I had to build my own. Have said that I will for sure release my framework I just need a few days to do this! Please feel free to bug me about this!

So why did I start with binary instrumentation? Well I wanted to continue my NFC security research on Android. Since NFC involves extra hardware it also includes a bunch of native code and thus I started instrumenting that. The result so far was that I build an instrument that acts as an emulation layer inside com.android.nfc. This emulation layer allows me to inject payloads of RFID tags into the nfc process as if they where read from an actually tag. This is of course build for fuzzing ;-) I haven't done any real fuzzing using this so far because I just finished the tool before SummerCon. A demo video that shows tag read emulation can be seen here: nfcemuvideo.mp4

More updates on both subjects will follow soon!


SummerCon was totally awesome, many thanks to the organizers! The conference was small enough to speak to all presenters and to many of the attendees. I met like half of the US people I follow on twitter for the first time in person. How awesome is this!