- 13
- 117 107
0xFF Sweden
Sweden
Registrace 18. 02. 2019
The 0xFF cyber tech community. Bringing IT professionals together in Stockholm, Sweden.
Emulation based snapshot fuzzing
During this talk, we’ll examine the possibilities of using emulation based fuzzers to efficiently and deterministically find bugs in closed source binary programs. We’ll walk through concepts such as emulators, snapshots, coverage guidance and manual memory permission management, with the end goal of learning how to construct an efficient system able to detect bugs which, in other systems, might have passed unnoticed.
Speaker: Joel Engelcrona, a developer at ACNR focusing on low lever security.
Speaker: Joel Engelcrona, a developer at ACNR focusing on low lever security.
zhlédnutí: 939
Video
Cracking Android apps with Frida
zhlédnutí 32KPřed rokem
Magnus shows how to crack Android apps using the open source tool Frida. Frida speeds up reverse engineering and makes it easier to explore and patch closed source apps. This is a re-recording of the presentation at the last 0xFF event in Stockholm, Sweden. Check out out website for more free events.
WickrSnoop
zhlédnutí 263Před rokem
Marcus uses Frida to figure out how to patch the Wickr messaging app to leak sensitive information. Combined with managed devices or enterprise app stores an evil employer might use this technique to intercept clear text messages from "secure" messaging apps.
Browse the web like a security professional
zhlédnutí 1,2KPřed 4 lety
In this video Magnus demo a couple of common web attacks and provides recommendations of what you, as an end user, can do to protect yourself against attacks such as XSS, CSRF and evil 3rd party scripts.
Security Applications Of Language Technology - Magnus Sahlgren
zhlédnutí 324Před 4 lety
In this talk we discuss applications of language technology in the security sector. We cover applications such as text categorization and topic detection, author identification and profiling, detection and monitoring of influence operations, as well as automatic language generation. We discuss both the actual algorithms used, as well as concrete examples of analysis in real applications.
Midnight Express - a hunt on online pirates
zhlédnutí 437Před 4 lety
Midnight Express was the code name of an operation to hunt down online pirates. With lots of twist and turns the operation became a real international thriller and was close to fail. In this talk Andŕe Catry gives you an insider perspective of this cyber operation.
Sidechannel attacks
zhlédnutí 950Před 4 lety
Practical sidechannel attacks on embedded systems using timing and power consumption analysis. This talk was presented on 0xFF in Stockholm on the 24th of October 2019 by Lars Haulin. For more free talks check out our homepage and/or Meetup.
FreeBSD kernel hacking
zhlédnutí 5KPřed 4 lety
Mattias explains how to exploit the FreeBSD kernel to get root. Recorded at 0xFF in Stockholm on the 26th of September. If you're in Stockholm, go checkout our free events - 0xFF.se/
Steal SMS OTP from Android with Rubber Ducky
zhlédnutí 1,4KPřed 5 lety
Someone asked us if it would be possible to do evil with a Rubber Ducky on a mobile phone. Here is a little PoC we did where it uses a lot of shortcuts to copy a text message and send an email with the content of the text message. All without touching the phone.
Android reversing #3: OWASP Mobile Top 10, tools and resources
zhlédnutí 7KPřed 5 lety
Wrapping up the android reversing series with some security/exploitation from the OWASP Mobile Top 10 with the fourgoat app. Tools used in the series and useful resources for more info.
Android reversing #2: Blocking trackers, debugging smali, improving privacy
zhlédnutí 14KPřed 5 lety
Building on the Smali reversing in part 1 we now use those skills to find and block privacy intrusive API calls and trackers in android apps. This part also covers basic Smali debugging.
Android reversing #1: APK, Smali and ADB
zhlédnutí 53KPřed 5 lety
Android reverse-engineering part 1: The APK format, an introduction to Smali and using ADB
CTF Intro - Carl "Zeta-Two" Svensson - 0xFF 2019-04-11
zhlédnutí 1,1KPřed 5 lety
Introduction to CTF challenges by Carl Zeta-Two Svensson. Presented at 0xFF Cyber Tech Community in Stockholm 2019-04-11 Note: Due to a technical issue the demo part has been added in post-production and may not fully match the original presentation.
hi how i can contact you? for a custom project
thank you very much, helped me alot!
makasih abangku sayang 🤯🤯🥳🥳🥳🥳😥😥😥
Hi, I am trying to reproduce the steps (dicer app) I am using real rooted device, android 13, Frida 16.1.11 and for instance frida-trace does not capture the clicks or other interactions in real time. Also I use the same script as yours but it does not print out the arguments, could someone please help ?thank you
And here I was just staring at decompiled smali code xD
FFFAAARRRKKK i hate GREAT getting started videos that completely dont mention any setup information for people. i felt so over my head when i switched to linux. thats what made cody from nullbyte so good. he would always start off with heres what im using and the tools you'll need to follow this video "now that you have these tools installed we can begin" but i guess if noobs arent your target audience i suppose
so guys if your using linux, to connect to your android over usb look at setting up android=sdk maybe look at scrcpy....youll figure it out
Best thing to do is when you encounter running something new like adb at 5:44 just look up how to install and use it. Seems tedious, but that's research.
Bro, if I pay you, will you break an apk for me?
Simply amazing. Of course most real world apps won't have such a convenient "hideAds" flag, but great for educational purposes anyway. High quality video.
friend, I would like to know if you could make the subtitles in English officially available because the subtitles automatically generated by CZcams are terrible and there is little quality content like yours
Great video
I really appreciate the work you do, I mod apps and use Frida, it's good to see them married in one video.
frida-trace -J doesn't work anymore it seems like...
there is not a single browser as secure as firefox.
hm
ur really good at this damn
Thanks for making this Video. Do you guys make or have more resources like this that dives deep using Frida for more complex mobile applications ? Besides Frida documentation, and the owasp UnCrackable exercises.
can anyone help me out, I have got a apk. I just want to see if it can be re engineered. any programmers expert of android coding etc etc. its a apk file. Cheers
Great video please don't whisper
why did you pass const/4 while patching smali ? why not just const v11?
Continue the tutorial like this BTW how to online bypass signature
WHERE HAVE YOU BEEN A YEAR AGO! Thanks for the video, I have a question that is not particularly frida related - Do you know if it is possible to fake a dns response to an android emulator or phone that are not connected to the internet, namely StandAlone? More specifically - I am reversing an app that is sending a lot of requests to multiple servers and than waits for the right encrypted response from the server. Then the app decrypts it and compares it to a const string. I wanted to fake the response with the encrypted string to have a proof that I am correct with my decryption. I will be glad if you'll answer, Thanks!
Glad you liked it! In your situation I would probably have the phone tether network over USB to a computer running dnsmasq (can act as a dhcp server and serve fake dns responses) and a web server. If the app is using SSL you'll need to install a custom CA certificate and possibly disable cert pinning in the app if used.
May I ask How to run Frida on real device that is not rooted ? Help is highly appreciated.
I will suggest to ask chatGpt, I am sure its answer will satisfy you :) Nevertheless, I read that it is possible by installing frida-gadget or something like that, have fun!
@@yonatanhaldarov u have a packed one apk with Frida gadget
you probably cant, mayby an virtual space apk but wouldt know how to replicate it
This is so cool
Really good talk! I was able to replicate the TV4Play example on my phone, but I was not required to bypass the certificate pinning. Did you install a certificate for your MitM proxy on the phone? I installed my Burp certificate as a system certificate and that worked without a problem.
Auto subs. What i best method to undetect for example banking app apk in root device? 1. Is that using magisk module, as we know that apk developer will update day by day so we hard to follow frequently every an update that support with magisk module. 2. Reverse engineering updateble apk with downgrade manifest? 3. You suggestion sir?
Great instructional video, could You possible make one with Frida + Flutter? Not SSL pinning but some patching on the fly with frida? To print some values out that goes in and goes out from onClick functions? Thanks.
did you have any articles video book websites .. any things that related to android reverse engineering
how to find encryption and decryption method in an application please this is very important
how to find encryption and decryption method in an application please this is very important
:gar:
This is wonderful! Thanks
Hello how to find native codes/decompile it?
Are you available for hire?
You can decompile smali to java with jadx
how to disable network connection for ads in smali.
"all without touching the phone.... except for when we plugged up the rubber ducky" lmao, no good shit man. Question though, since most androids are USB-C will a normal USB-USBC converter work?
awesome!
thank you and I look forward to see more detail tutorial for beginners......this is great
can i dm you i need help please
2160p ? wft
Where is a book/guide/pdf on reading and understanding the smali from decompiled dex files.
if anyone else has the same question just use google
Search "whats-the-best-way-to-learn-smali-and-how-when-to-use-dalvik-vm-opcodes" And you will find a stackoverflow post with some resources
I need to learn reverse engineering sir. I got cheated by teen patti apps. They are fraud and cheaters. All pri planned. I need to screw them. I need to do mod for app. Help me 8073196425,
Please update about setup
Mt manager use make app
hello Sir, how about convert back jar file to dex file again?
Great
no
@@bonniedean9495y?
Really Amazing
Please upload more about smali code editing.
Bra video :)