Code Injection
[TBD fix links]
1 Stack Smashing
- This is the core discussion.
- Overview + Prevention Required
- Aleph One Classic Required
- modReturnAddress modret.c by Prabhaker Mateti
2 ASLR Address Space Layout Randomization
- ASLR is a mitigation technique.
- ./ASLR
- Android Framework Component: Zygote, Morula
- Android Disassembly & Code Injection http://www.syssec-project.eu/m/page-media/158/syssec-summer-school-Android-Code-Injection.pdf
- ./ASLR-utaustin-2009.ppt ASLR Address Space Layout Randomization. Required Reading.
3 ROP Return Oriented Programming
- Carlini, Nicholas, and David Wagner. "ROP is still dangerous: Breaking modern defenses." In USENIX Security Symposium. 2014. Required Reading
- ./ROP/
4 References
- Ryan Roemer, Erik Buchanan, Hovav Shacham and Stefan Savage, "Return-Oriented Programming: Systems, Languages, and Applications", University of California, San Diego, 2012; https://cseweb.ucsd.edu/~hovav/dist/rop.pdf Reference https://www.blackhat.com/presentations/bh-usa-08/Shacham/BH_US_08_Shacham_Return_Oriented_Programming.pdf Required Reading
- http://www.cydiasubstrate.com/ A Code Modification Platform. "While Android itself is "open", the devices that run it often aren't. Before installing Substrate, you will first need to get root access on your device." Recommended Install.