Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

Drammer - The Making Of

Hack In The Box Security Conference via YouTube

Overview

Explore the technical journey behind Drammer, the first Android root exploit leveraging the Rowhammer hardware vulnerability, in this 57-minute conference talk from Hack In The Box Security Conference. Delve into the challenges faced during development, including attempts to flip bits on Android/ARM devices and the near-miss of writing a negative results paper. Learn about the Flip Feng Shui exploitation technique and its application in mobile environments. Gain insights into the research process, from initial experiments to the final implementation, covering topics such as CPU cache bypassing, DRAM benchmarking, and memory templating. Understand the scientific value of Drammer and its wider impact on mobile device security. Follow the presenter's path from Santa Barbara to the beaches, exploring various approaches to achieve reliable exploitation without relying on fancy memory management features.

Syllabus

Intro
A Little Background
Rawhammer
Bypass the CPU cache
Select the Aggressor Rows
Rowhammer Exploitation
Hammering a Needle in the Software Stack
A Quick Google Search
Arrival at Santa Barbara
Benchmarking DRAM Bandwidth
Kernel Module
A piece of art: meh.cc
Debug, Hammer, Debug
E-Mail From The Bos
Flipping Bits On The Beach
Downward Spiral
The cacheflush System Call
Pointer Chasing
Flipping Bits By Executing Code
Cache Maintenance Operations
Martina
Memory templating
Scientific Value
Land sensitive data
a. Exhaust Large Chunks
b. Find a Bit Flip
Release Vulnerable Chunk
Exhaust Rows (again)
a. Release Vulnerable Row
b. Release Large Chunks
Allocate Pages until we hit the vulnerable now
Padding
Map a Page Table
Evaluation
Wrapping Up
Disclosure
Drammer

Taught by

Hack In The Box Security Conference

Reviews

Start your review of Drammer - The Making Of

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.