Completed
Check crypto!
Class Central Classrooms beta
YouTube videos curated by Class Central.
Classroom Contents
Inside Android's SafetyNet Attestation
Automatically move to the next video in the Classroom when playback concludes
- 1 Intro
- 2 Attack patterns
- 3 OS modification methods
- 4 Device integrity detection the old Days
- 5 That's a low bar
- 6 Hardcoded checks
- 7 Attackers can easily disable detections
- 8 Attackers can easily feed checkers with bad data
- 9 Raising the bar
- 10 SafetyNet details
- 11 caveats
- 12 Criticism
- 13 SafetyNet JAR
- 14 SafetyNet modules
- 15 Example: device_state
- 16 SafetyNet Attestation: Overview
- 17 SafetyNet Attestation: Call Chain
- 18 SafetyNet Attestation: Request Attestation
- 19 SafetyNet Attestation Overview: Request Attestation
- 20 SafetyNet Attestation: Forward Data
- 21 SafetyNet Attestation: Attest Device & App
- 22 SafetyNet Attestation: Deliver Result
- 23 Ideal implementation
- 24 Attestation result validation
- 25 Check crypto!
- 26 cts Profile Match & basicIntegrity
- 27 SafetyNet and the Nonce
- 28 Handle errors!
- 29 Attestation: just an API Call away!?
- 30 API Failures...
- 31 Howto: App/APK Integrity
- 32 Implementation & Deployment Summary
- 33 SafetyNet vs. Android Versions
- 34 Android 4
- 35 Boot Loader Unlocked
- 36 Client-side response validation?
- 37 SuHide and Magisk
- 38 SafetyNet's Application Integrity Checks
- 39 Running Code on Android
- 40 ODEX Code Modification Attack: Overview (Generic)
- 41 Attacking ODEX files: all Android Versions
- 42 Attacking ODEX files without Root (Android 6)
- 43 ODEX file Attack via Dirtycow
- 44 Attack Impact
- 45 Fun time
