Overview
Explore a groundbreaking presentation on universal Android rooting techniques delivered at Black Hat. Dive into the discovery of a critical kernel Use-After-Free bug affecting all Linux kernel versions, and learn how it was exploited to root most Android devices, including 64-bit models. Examine the root cause of the vulnerability, innovative exploitation methods, and techniques to bypass modern kernel mitigations like PXN. Gain insights into kernel memory manipulation, code execution in kernel mode, and the challenges of 64-bit Android platforms. Discover a common approach to exploiting Android kernel Use-After-Free bugs for rooting, and explore future kernel security issues in upcoming 64-bit Android systems.
Syllabus
Intro
PRESENT SITUATION
A BIG DEAL
FUZZING
CRASH WHEN CLOSE?
WHEN IT COMES TO UAF
WE ARE IN THE KERNEL
WHAT USED TO RE-FILL
INTUITIVE IDEA
SLUB HELPS US?
THE RETURN OF PHYSMAP
INITIAL PLAN
RELIABLE MEMORY COLLISION
UNLEASH KERNEL UAF
PC CONTROL
WHAT DOES SHELLCODE DO
WHAT ABOUT 64BIT DEVICES
OOPS! PXN APPLIED.
ROP TIPS
CONCLUSION
FUTURE
PWNIE
ACKNOWLEDGEMENT
Taught by
Black Hat