Data

Tools

Indexes

Applications

Experiments

Awesome

An open API service indexing awesome lists of open source software.

https://github.com/vprlab/componenthijackingexploit

Demo Exploits and Vulnerable APKs for my HitCon'14 topic
https://github.com/vprlab/componenthijackingexploit

Last synced: 8 months ago
JSON representation

Demo Exploits and Vulnerable APKs for my HitCon'14 topic

Awesome Lists containing this project

README 

          
ComponentHijackingExploit

=========================



Intro

-------

Here are the demo exploits and vulnerable apks for my HitCon'14 presentation titled **"On the Feasibility of Automatically Generating Android Component Hijacking Exploits"**.

 - My PPT: http://www.slideshare.net/daoyuan0x/chv-exploit-hitcon-38299593

 - HitCon agenda: http://hitcon.org/2014/agenda/



Overview

--------

In this talk, we conduct an empirical study to explore the feasibility of automatically generating exploits for vetting component hijacking vulnerabilities in Android apps. Our study takes our hands-on exploit analysis for several real vulnerable apps as basis, and meanwhile reflects them to high-level analysis. Through this process, we identify several challenges that need to be addressed for a robust exploit generation technique, and some of them are first pinpointed. In particular, we believe one challenge is nearly impossible to be automatically tackled, if no domain knowledge is pre-provided. Overall, an automatic, accurate, and efficient solution for generating component hijacking exploits remains enough room to explore.



Exploits

--------

 - HackCleanMaster has two versions. You need to make a bit code change for moving to another version.

 - Facebook exploit can be found here: http://seclists.org/bugtraq/2013/Jan/27



Vulnerable APKs

---------------

GO SMS Pro has two versions: 4.35 and 5.23, but I missed the 5.23 apk. So I only include its Manifest and Jar files.