This article will record a journey how did i hack a website. DON’T DO ANYTHING BAD! 1.Gathering more and more informations Google is a very useful tool,make good use of google hacking may yield  twice the result with half the effort. Some significant grammars are as follow: site:xxxx.com filetyp...

1.Install Burp Certificate on Android this part you can see : 安卓APP测试之使用Burp Suite实现HTTPS抓包方法 2.Set Proxy set proxy on burpsuite and mobile: set proxy on mobile,ensure that burpsuite and test mobile at the same wifi. 3.Modify key API So far,you can monitor many https connections such as self signed certificate with weak c...

Hi,everybody,it’s about half year from my last article.During which time, i went through a lot of things. At the end of 2016,i intend to make a summary for my 2016,so, this article will not talk about any of technology detail,instead,look back on my 2016 and make some plans for the upcoming 2017.One last thing,i’ll try my best to update my bl...

This article will discuss something about Android4.2 kernel debugging,i won’t tell you how to set up the environment , if you want to know how,please review this article : Android Linux内核编译调试 , but that article still contains some errors, for example , the command to open an emulator that can be debugged is as below: ...

1.Overview In 0ctf2016 ,there are many hard challenges,the ‘state of art’ is one of that. This article will not only talk about that challenge but also introduce some details of Android ART.If you find something wrong, please don’t hesitate to tell me,thanks! 2. Android ART I won’t introduce the all of Android ART in ...

In the process of learning English these days , i want to find some useful apps to make me more effective,so, finding this app : “voa每日英语”  (by 2015.12.08) . This app seemed good until i saw the comments: Then i installed this app and see how it would act : Every time when i open this app,it will automatically download ads! so i crack...

After becoming an intern in keen team about half a month, i am seriously aware of the importance of English. So, i make a decision that from now on,i’ll  use English instead of Chinese to update my blog. I’ll try my best to keep my blog updated,although i may not have much time like one year before.I am happy to share my study experience ...

今年的比赛运气比较好,最终排名前20(学生潜力榜第四),到手2500大洋 ^-^ 这次阿里的题出的比去年难得多了,到第三题各种so混淆,只能怪自己源码研究的还不够深,还得继续努力阿~ 第一题 用netbeans动态跟smali,在所有比较处下断点,经调试发现在45540行,v4固定为520676,并与计算过后的输入值作比较(v10): 当输入为1时v10为124751,输入为2时v10为124752,输入为3时v10为124753...

前段时间参加了NSCTF(绿盟举办的ctf),题目总体而言不是很难,其中有两题exp的高分题还挺有意思的,这里记录下当时写的exp1500的writeup。 题目要求在win7 64位以上的环境(开启DEP和ALSR)下溢出一个程序,使得弹出计算器,漏洞程序在这:http://pan.baidu.com/s/1c07EimG(提取码9y8t)。 脱壳之后,经过IDA分析之后发现,该程序存在缓冲区溢出漏洞,在ENCRYP...

这篇文章将从Android源码编译开始,一步步定制自己的Android ROM。使用到的设备为Nexus 5,Android源码版本为4.4.4_r2,编译环境为kali2.0 64位。 1.Android源码编译 android源码下载这里不再介绍,具体可以看google的官方文档。 1.1准备编译环境 编译android源码需要sun/oracle的jdk(kali2.0自带的为openJDK),3.8版本的make,还要安装的依赖库如下: ...

echo1是linux64下的溢出题。IDA逆出来的main函数: C int __cdecl main(int argc, const char **argv, const char **envp) { int *v3; // rsi@1 void *v4; // rax@1 int v6; // [sp+Ch] [bp-24h]@1 _QWORD v7[4]; // [sp+10h] [bp-20h]@1 setvbuf(stdout, 0LL, 2, 0LL); setvbuf(stdin, 0LL, 1, 0LL); o = mallo...

这篇文章接着上篇pwnable刷题writeup之Toddler’s Bottle(一): 9.mistake #include <stdio.h> #include <fcntl.h> #define PW_LEN 10 #define XORKEY 1 void xor(char* s, int len){ int i; for(i=0; i<len; i++){ s[i] ^= XORKEY; } } int main(int argc, char* argv[]){ int fd; if(...

最近在练习pwn,pwnable.kr这个网站有很多很有意思的pwn题,现放出我的部分刷题writeup: 1.fd 源码如下: C #include <stdio.h> #include <stdlib.h> #include <string.h> char buf[32]; int main(int argc, char* argv[], char* envp[]){ if(argc<2){ printf("pass argv[1] a number\n"); return 0; } int fd = at...

APK的http请求中使用的安全措施大致可以分成3个阶段: java层的签名+加密 so层的签名+加密 https 当然,并不是说在so中的安全措施就一定比在java层的安全,https亦如此(曾经看过一个apk在java层模拟了https,一样也能起到比较好的安全防护效果)。 https也不能完全保障安全性,APK的保护还是需要综合各类措施。这篇文章将介绍如何使用fiddler监控任意APK发送的https请求,可以...

Cydia Substrate出了android版本的hook框架,不仅能hook java层函数,还能hook so中的函数,其核心原理是函数的inline hook,与xposed有着十分大的差别(xposed主要通过hookMethodNative将java层函数替换成native层函数而完成hook)。 合理使用Cydia Substrate可以有效绕过反调试,签名校验还可以制作脱壳机等,大大加快分析APK的效率。这篇文章主要介绍使用Cydia Substrate A...

上篇文章介绍了so加壳(加密特定section)的原理,回顾点这。这篇文章将介绍如何使加壳的so正常运行。 1.动态解密原理 在上篇文章说的加壳原理中,将特定section的长度和偏移分别写入so头部的e_entry和e_shoff字段,那么在解密时只需读取这两个字段即可找到特定section的偏移。接下来还需解决以下几个问题: 如何找到so被加载的起始地址 什么时候进行解密 如何动态修改内存权限 问题一:...

+
跳转到评论