Inside Android's SafetyNet Attestation

Inside Android's SafetyNet Attestation

Black Hat via YouTube Direct link

SuHide and Magisk

37 of 45

37 of 45

SuHide and Magisk

Class Central Classrooms beta

YouTube videos curated by Class Central.

Classroom Contents

Inside Android's SafetyNet Attestation

Automatically move to the next video in the Classroom when playback concludes

  1. 1 Intro
  2. 2 Attack patterns
  3. 3 OS modification methods
  4. 4 Device integrity detection the old Days
  5. 5 That's a low bar
  6. 6 Hardcoded checks
  7. 7 Attackers can easily disable detections
  8. 8 Attackers can easily feed checkers with bad data
  9. 9 Raising the bar
  10. 10 SafetyNet details
  11. 11 caveats
  12. 12 Criticism
  13. 13 SafetyNet JAR
  14. 14 SafetyNet modules
  15. 15 Example: device_state
  16. 16 SafetyNet Attestation: Overview
  17. 17 SafetyNet Attestation: Call Chain
  18. 18 SafetyNet Attestation: Request Attestation
  19. 19 SafetyNet Attestation Overview: Request Attestation
  20. 20 SafetyNet Attestation: Forward Data
  21. 21 SafetyNet Attestation: Attest Device & App
  22. 22 SafetyNet Attestation: Deliver Result
  23. 23 Ideal implementation
  24. 24 Attestation result validation
  25. 25 Check crypto!
  26. 26 cts Profile Match & basicIntegrity
  27. 27 SafetyNet and the Nonce
  28. 28 Handle errors!
  29. 29 Attestation: just an API Call away!?
  30. 30 API Failures...
  31. 31 Howto: App/APK Integrity
  32. 32 Implementation & Deployment Summary
  33. 33 SafetyNet vs. Android Versions
  34. 34 Android 4
  35. 35 Boot Loader Unlocked
  36. 36 Client-side response validation?
  37. 37 SuHide and Magisk
  38. 38 SafetyNet's Application Integrity Checks
  39. 39 Running Code on Android
  40. 40 ODEX Code Modification Attack: Overview (Generic)
  41. 41 Attacking ODEX files: all Android Versions
  42. 42 Attacking ODEX files without Root (Android 6)
  43. 43 ODEX file Attack via Dirtycow
  44. 44 Attack Impact
  45. 45 Fun time

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.