Explore Intel's proprietary Houdini binary translator, used in Android on x86 platforms, in this 36-minute conference talk from Ekoparty 2021's Hardware Hacking Space. Delve into the high-level workings and loading process of Houdini, followed by an in-depth examination of its low-level internals and memory model. Discover security weaknesses introduced by Houdini and learn methods to escape its environment, execute arbitrary ARM and x86 code, and create Houdini-targeted malware that evades existing platform analysis. Gain insights from security consultant Brian Hong's expertise in hardware penetration testing, reverse engineering, and embedded systems security.
Sleight of ARM- Demystifying Intel Houdini - Brian Hong - Ekoparty 2021- Hardware Hacking Space
Ekoparty Security Conference via YouTube
Overview
Syllabus
Introduction
Android
Background on Android
Houdini
Houdini Uses
How Houdini Works
Houdini Explanation
Houdini Shared Object
Android Native Bridge
Android x86 Project
Java Native Interface
Native Bridge RuntimeCallbacks
Initialize Load Library
Native Code
Native Bridge
Memory
Memory Map
Execution Loop
Decompile
Processor State
Syscalls
Detection
Escape to x86
Rwx pages
Sidechannel code execution
Detection and analysis
Malware behavior
Recommendations
Static Analysis
Conclusion
Disclosure Timeline
Special Thanks
Taught by
Ekoparty Security Conference
