Completed
The Implementation of the Initialized Function of CDM
Class Central Classrooms beta
YouTube videos curated by Class Central.
Classroom Contents
TiYunZong Exploit Chain to Remotely Root Modern Android Devices - Pwn Android Phones from 2015-2020
Automatically move to the next video in the Classroom when playback concludes
- 1 Intro
- 2 Why Google Pixel Phone Is A Tough Target
- 3 Remote Attack Surface of Smart Phones
- 4 Experience of Pwning Android Devices
- 5 The Exploit Chain(TiYunZong)
- 6 Torque in Chrome v8
- 7 JSFunction Memory Layout
- 8 The Bug(CVE-2019-5877)
- 9 Trigger the Bug
- 10 How to Exploit
- 11 Exploit Strategy
- 12 Chrome' s Multi-Process Architecture
- 13 The Mojo Interface Definition of Content Decryption Module (CDM)
- 14 The Implementation of the Initialized Function of CDM
- 15 The Fucntion RegisterCdm
- 16 Trigger UAF
- 17 Exploit the ERP Bug
- 18 The Format of the Scratch Memory
- 19 Where is the Bug
- 20 of a Ring Buffer
- 21 Read And Write Pointer
- 22 Allocate Space From Ring Buffer
- 23 Overwrite Exist Instructions
- 24 CP Instruction Sequence of Executing IOCTL_KGSL GPU COMMAND
- 25 The Process of Exploiting CVE-2019-10567
- 26 Demo