cryptax/androidre 392

Reverse engineering Android

cryptax/confsec 349

Security, hacking conferences (list)

cryptax/droidlysis 93

Property extractor for Android apps

cryptax/dextools 74

Miscellaneous DEX (Dalvik Executable) tools

cryptax/angeapk 59

Encrypting a PNG into an Android application

cryptax/fittools 31

Wristband research tools

cryptax/misc-code 22

Miscellaneous code

cryptax/spectre-armv7 18

This is an attempt to implement Spectre on ARMv7

cryptax/angepoc 11

Angecryption PoC

cryptax/techweb 9

My own technical notes

push event ph0wn/ph0wn.github.io

axelle

commit sha 513d1792644159bc25a66356d61188cb2dec9406

changing affiliation

push time in a day

push event cryptax/techweb

cryptax

commit sha 98fbddeed4a37f70b7a7048bbf2c016278e861c5

modif

push time in 9 days

push event ph0wn/ph0wn.github.io

ph0wn

commit sha 9182e28ac4b5569ff3e1084192391da1c15c7204

fixing dependabot issue with addressable

push time in 11 days

push event ph0wn/ph0wn.github.io

cryptax

commit sha 557b02d1e0e67ce51126dffbf229da6ed80dd56b

adding ringzer0 as sponsor

push time in 11 days

push event cryptax/techweb

cryptax

commit sha cbe81c3225bc07370f6f86b7f7c789870a7a4d60

swap files

push time in 12 days

push event cryptax/techweb

cryptax

commit sha 1ffb33da3ad34af955bbd74df3d6cc94b0c16c94

update

push time in 12 days

issue closed MobSF/Mobile-Security-Framework-MobSF

Cannot connect to Frida 15.0.x

ENVIRONMENT

OS and Version: Linux Mint 20.2
Python Version: 3.8.10
MobSF Version: 3.4.5 Beta
Frida: 15.0.16

EXPLANATION OF THE ISSUE

I cannot use MobSF Dynamic analysis any longer: it is unable to connect to Frida.

[ERROR] 23/Aug/2021 13:34:08 - Error Connecting to Frida
Traceback (most recent call last):
  File "/home/axelle/softs/Mobile-Security-Framework-MobSF/mobsf/DynamicAnalyzer/views/android/frida_core.py", line 129, in connect
    pid = device.spawn([self.package])
  File "/home/axelle/softs/Mobile-Security-Framework-MobSF/venv/lib/python3.8/site-packages/frida/core.py", line 26, in wrapper
    return f(*args, **kwargs)
  File "/home/axelle/softs/Mobile-Security-Framework-MobSF/venv/lib/python3.8/site-packages/frida/core.py", line 149, in spawn
    return self._impl.spawn(program, argv, envp, env, cwd, stdio, aux_options)
frida.NotSupportedError: need Gadget to attach on jailed Android; its default location is: /home/axelle/.cache/frida/gadget-android-arm64.so

Everything used to work fine a month or two ago. MobSF would automatically download Frida and MobSFy my Android emulator. Now, it does not work. Perhaps: it used to work with Frida 14.x, now with Frida 15.x, it does not.

If I try Frida, though, it looks like it is working:

~/softs/Mobile-Security-Framework-MobSF$ frida-ps -U
  PID  Name
-----  ---------------------------------------------------
 8392  Calendar                                           
 8440  Clock                                              
 3923  Contacts                                           
 7289  Drive                                              
 7170  Files                                              
 2304  Google App                                         
 8472  Wallpapers                                         
 6200  adbd                                               
 1433  android.hardware.audio@2.0-service                 
 1553  android.hardware.biometrics.fingerprint@2.1-service
 1435  android.hardware.camera.provider@2.4-service       
 1436  android.hardware.configstore@1.0-service           
  • I do not have /home/axelle/.cache/frida/gadget-android-arm64.so on my host.
  • The emulator is seen fine:
$ adb devices
List of devices attached
emulator-5554	device

STEPS TO REPRODUCE THE ISSUE

  1. Install MobSF
  2. Launch Android emulator 8 ~/Android/Sdk/emulator/emulator -avd Android8 -writable-system &> /dev/null &
  3. Load an APK, and select Dynamic analysis
  4. Start Instrumentation. You get the error.

LOG FILE

[INFO] 23/Aug/2021 13:33:28 - 
  __  __       _    ____  _____         _____ _  _   
 |  \/  | ___ | |__/ ___||  ___| __   _|___ /| || |  
 | |\/| |/ _ \| '_ \___ \| |_    \ \ / / |_ \| || |_ 
 | |  | | (_) | |_) |__) |  _|    \ V / ___) |__   _|
 |_|  |_|\___/|_.__/____/|_|       \_/ |____(_) |_|  

[INFO] 23/Aug/2021 13:33:28 - Mobile Security Framework v3.4.5 Beta
[INFO] 23/Aug/2021 13:33:28 - OS: Linux
[INFO] 23/Aug/2021 13:33:28 - Platform: Linux-5.10.0-1044-oem-x86_64-with-glibc2.29
[INFO] 23/Aug/2021 13:33:29 - Dist: linuxmint 20.2 uma
[INFO] 23/Aug/2021 13:33:29 - MobSF Basic Environment Check
[INFO] 23/Aug/2021 13:33:29 - Checking for Update.
[INFO] 23/Aug/2021 13:33:29 - No updates available.
[INFO] 23/Aug/2021 13:33:45 - Creating Dynamic Analysis Environment for com.egov.app
[INFO] 23/Aug/2021 13:33:45 - ADB Restarted
[INFO] 23/Aug/2021 13:33:45 - Waiting for 2 seconds...
[INFO] 23/Aug/2021 13:33:47 - Connecting to Android emulator-5554
[INFO] 23/Aug/2021 13:33:47 - Waiting for 2 seconds...
[INFO] 23/Aug/2021 13:33:49 - Restarting ADB Daemon as root
[INFO] 23/Aug/2021 13:33:49 - Waiting for 2 seconds...
[INFO] 23/Aug/2021 13:33:51 - Reconnecting to Android Device
[INFO] 23/Aug/2021 13:33:51 - Waiting for 2 seconds...
[INFO] 23/Aug/2021 13:33:54 - Found Android Studio Emulator
[INFO] 23/Aug/2021 13:33:54 - Remounting
[INFO] 23/Aug/2021 13:33:54 - Performing System check
[INFO] 23/Aug/2021 13:33:54 - Android API Level identified as 26
[INFO] 23/Aug/2021 13:33:54 - Android Version identified as 8.0
[INFO] 23/Aug/2021 13:33:54 - Environment MobSFyed Check
[INFO] 23/Aug/2021 13:33:54 - Installing MobSF RootCA
[INFO] 23/Aug/2021 13:33:54 - Starting HTTPs Proxy on 1337
[INFO] 23/Aug/2021 13:33:54 - Enabling ADB Reverse TCP on 1337
[INFO] 23/Aug/2021 13:33:54 - Setting Global Proxy for Android VM
[INFO] 23/Aug/2021 13:33:54 - Starting Clipboard Monitor
[INFO] 23/Aug/2021 13:33:54 - Getting screen resolution
[INFO] 23/Aug/2021 13:33:54 - Removing existing installation
[INFO] 23/Aug/2021 13:33:54 - Installing APK - com.egov.app
[INFO] 23/Aug/2021 13:33:54 - Testing Environment is Ready!
[INFO] 23/Aug/2021 13:34:06 - Starting Instrumentation
[INFO] 23/Aug/2021 13:34:06 - Starting Frida Server
[INFO] 23/Aug/2021 13:34:06 - Waiting for 2 seconds...
[ERROR] 23/Aug/2021 13:34:08 - Error Connecting to Frida
Traceback (most recent call last):
  File "/home/axelle/softs/Mobile-Security-Framework-MobSF/mobsf/DynamicAnalyzer/views/android/frida_core.py", line 129, in connect
    pid = device.spawn([self.package])
  File "/home/axelle/softs/Mobile-Security-Framework-MobSF/venv/lib/python3.8/site-packages/frida/core.py", line 26, in wrapper
    return f(*args, **kwargs)
  File "/home/axelle/softs/Mobile-Security-Framework-MobSF/venv/lib/python3.8/site-packages/frida/core.py", line 149, in spawn
    return self._impl.spawn(program, argv, envp, env, cwd, stdio, aux_options)
frida.NotSupportedError: need Gadget to attach on jailed Android; its default location is: /home/axelle/.cache/frida/gadget-android-arm64.so

closed time in 25 days

cryptax

issue comment MobSF/Mobile-Security-Framework-MobSF

Cannot connect to Frida 15.0.x

Ok, I managed to get it to work. It seems the problem was that I installed MobSF on a host which already had Frida. This somehow conflicted with the Frida for MobSF. So, I erased my ~/.MobSF directory, erased Frida from my host (if I need it, I'll put it in a virtual environment, that's always a better idea), and started setup again. This time, dynamic analysis works.

I'll close this issue, but there is perhaps something fishy with MobSF's Frida installation. Worth checking.

cryptax

comment created time in 25 days

issue opened MobSF/Mobile-Security-Framework-MobSF

Cannot connect to Frida 15.0.x

created time in a month

push event cryptax/androidre

cryptax

commit sha ee328b806501e3cbc15962a76c4aed45290be968

update for 2021.08

push time in a month

push event cryptax/confsec

axelle

commit sha f89875af401d9bef651f679b93c435cef627b6e7

botconf postponed

axelle

commit sha 81c6cb1989ebafef5d8f82e1513cc4d6c7156c21

Merge branch 'master' of github.com:cryptax/confsec

push time in 2 months

push event cryptax/droidlysis

axelle

commit sha 7e4d6703e828206581b50ae3e5f05a20deed7fa8

mapbox was duplicate

push time in 2 months

issue comment OnionIoT/c-cross-compile-example

Executable does not run on the Omega

arg, ok, would be useful to keep the mention that Onion Omega used to exist in your documentation, because as I saw no trace of it, I thought Omega == Omega2 ;-) Thx!

cryptax

comment created time in 2 months

issue comment OnionIoT/c-cross-compile-example

Executable does not run on the Omega

I don't have /lib/ld-musl-mipsel-sf.so.1 on my Omega, which is likely to cause the problem. On the cross compiling host, this file is inside the target's root-ramips/lib directory, but I probably missed how I am meant to make this available on the Omega...

cryptax

comment created time in 2 months

issue opened OnionIoT/c-cross-compile-example

Executable does not run on the Omega

Hi, I have compiled the cross-compiler, and then tested with this example. It built gpioRead without any problem. Unfortunately, the executable does not run on my Onion Omega! What's wrong?

root@Omega-0431:~# ./gpioRead 
./gpioRead: line 1: EL@4�t4: not found
./gpioRead: line 26: syntax error: unexpected "(" (expecting ")")
  • Device: Onion Omega
  • Firmware 0.1.4 b336
  • Compile host: I used the Docker container, and updated (feeds and git)
  • Target system: MediaTek Ralink MIPS
  • Subtarget: MT76x8 based boards
  • Target profile: Multiple targets
  • Target devices: Onion Omega2 (I didn't see Omega, actually looks like only Omega 2 exists in products)

The generated gpioRead is for MIPS architecture, and seems correct:

# file gpioRead
gpioRead: ELF 32-bit LSB executable, MIPS, MIPS32 rel2 version 1 (SYSV), dynamically linked, interpreter /lib/ld-musl-mipsel-sf.so.1, with debug_info, not stripped
# ls -lh gpioRead
-rwxr-xr-x 1 root root 9.5K Jul 16 09:01 gpioRead

On the Omega,

# uname -a
Linux Omega-0431 3.18.44 #3 Wed Oct 26 23:09:35 UTC 2016 mips GNU/Linux

# dmesg | grep -i onion
[    0.000000] Kernel command line:  board=ONION-OMEGA  console=ttyATH0,115200 rootfstype=squashfs,jffs2 noinitrd
[    0.100000] MIPS: machine is Onion Omega

created time in 2 months

push event cryptax/techweb

axelle

commit sha d68594f6691553842fd09f6bc660c30f66003eec

more blender tricks

push time in 2 months

push event cryptax/techweb

axelle

commit sha 3c0b174eecb1e7cd46cdacd9c5638a96aed6a92c

pishrink

push time in 2 months

push event cryptax/misc-code

axelle

commit sha 440fc22e6ea0963ea8811158c1a85352b6eda6eb

Decrypting Android/Bahamut strings

push time in 2 months

push event cryptax/androidre

axelle

commit sha 23ac7cc04993befc03ce4115455d8be6e878d5ca

integrated new version of Frida, Quark and JEB

push time in 2 months

push event cryptax/techweb

axelle

commit sha 7038cbae9d168dc57fe0c69f029a8f3e814edb1e

blender notes

axelle

commit sha e09bbdc6ce55f48e528c61a957e4168fe28858aa

Merge branch 'master' of github.com:cryptax/techweb

push time in 2 months

issue opened quark-engine/quark-engine

Threshold filtering does not work in detailed mode

The command quark -d -a virus-locker.apk -t 60 outputs details for all rules including those with confidence less than 60%. The command line acts as if -t 60 wasn't specified, whereas this option does work for -s (summary) mode. If you issue quark -s -a virus-locker.apk -t 60, you do only get the results for rules with confidence >= 60%, which is what I expected.

I think the parsing of options needs to be fixed so that -t also works with -d and produces detailed output only for rules >=60%. Currently, there is fortunately a workaround by specifying -d rulenumber.json, but it is not very convenient if you have several rules.

This is only a minor issue, but probably not too difficult to fix :)

Desktop (please complete the following information):

  • OS: Linux Mint 20.1
  • Quark 21.6.2
  • Python 3.8.5

created time in 2 months

issue opened quark-engine/quark-rules

Potentially wrong crime name for rule 00025.json

Rule 00025.json has crime name "Monitor the broadcast action events (BOOT_COMPLETED)", but the API actually checks:


 "api": [
        {
            "class": "Landroid/content/Intent;",
            "method": "getAction",
            "descriptor": "()Ljava/lang/String;"
        },
        {
            "class": "Ljava/lang/String;",
            "method": "equals",
            "descriptor": "(Ljava/lang/Object;)Z"
        }
    ],

There is no way to know this is monitoring BOOT_COMPLETED with this rule, nor even broadcast actions, so I think the crime name should be adjusted.

created time in 2 months

push event cryptax/techweb

axelle

commit sha 5064068cf3ce9015d5150bcdc684cc300cfea7a6

django personal notes

push time in 3 months

issue opened quark-engine/quark-engine

cannot import name 'checkboxlist_dialog': need for prompt toolkit

With Quark 21.6, I get this error. I believe you need to specify you need prompt-toolkit 3.0

$ quark 
Traceback (most recent call last):
  File "/home/axelle/.local/bin/quark", line 5, in <module>
    from quark.cli import entry_point
  File "/home/axelle/.local/lib/python3.8/site-packages/quark/cli.py", line 14, in <module>
    from quark.Objects.quark import Quark
  File "/home/axelle/.local/lib/python3.8/site-packages/quark/Objects/quark.py", line 24, in <module>
    from quark.utils.graph import call_graph
  File "/home/axelle/.local/lib/python3.8/site-packages/quark/utils/graph.py", line 9, in <module>
    from prompt_toolkit.shortcuts import checkboxlist_dialog
ImportError: cannot import name 'checkboxlist_dialog' from 'prompt_toolkit.shortcuts' (/usr/lib/python3/dist-packages/prompt_toolkit/shortcuts/__init__.py)

Modify setup.py with this to get it to work

       "prompt-toolkit==3.0.0",

created time in 3 months

push event cryptax/talks

cryptax

commit sha fec6fb4bdfe1a19b82d2c79b8848b6c816b62237

conferences 2021

push time in 3 months

push event cryptax/confsec

cryptax

commit sha 2d31ceec69d53933107a0cff55e35d3325fc71ae

SAS is hybrid format

push time in 3 months

push event cryptax/confsec

cryptax

commit sha 282d70433a7dd1f1b63dbc6ce8af206769805829

adding the SAS

push time in 3 months

push event cryptax/confsec

cryptax

commit sha eaf72e8d22ba1b9d42df3552c1397e2dae9a6246

adding sec-t

push time in 3 months

push event cryptax/confsec

cryptax

commit sha 71143c135a6b9284764bb51a6b89f02c003279b8

Moving hacktivity in the table according to its CFP date

push time in 3 months

push event cryptax/confsec

Sandor Nemes

commit sha 8258ef0b8b4e150fc6ccc44a71568db3a5a12c8f

Update README.md Added Hacktivity 2021

cryptax

commit sha 54c3e3f2db0507a99cfff3342551a00dbb3c6578

Merge pull request #45 from snemes/patch-1 Update README.md - thanks

push time in 3 months