Chris Rohlf: Cross DSO CFI – LLVM and Android

Control Flow Integrity is an exploit mitigation that helps raise the cost of writing reliable exploits for memory safety vulnerabilities. There are various CFI schemes available today, and most are quite well documented and understood. One of the important areas where CFI can be improved is protecting indirect calls across DSO (Dynamic Shared Object) boundaries. This is a difficult problem to solve as only the library itself can validate call targets and consumers of the library may be compiled and linked against the library long after it was built. This requires a low level ABI compatability between the caller and the callee. The LLVM project has documented their design for this here. The remainder of this post looks at that design, it’s drawbacks, and then briefly explores how the Android PIE Bionic linker implements it.[…]

Android Security: Control Flow Integrity in the Android kernel

by Sami Tolvanen, Staff Software Engineer, Android Security

Android’s security model is enforced by the Linux kernel, which makes it a tempting target for attackers. We have put a lot of effort into hardening the kernel in previous Android releases and in Android 9, we continued this work by focusing on compiler-based security mitigations against code reuse attacks. Google’s Pixel 3 will be the first Android device to ship with LLVM’s forward-edge Control Flow Integrity (CFI) enforcement in the kernel, and we have made CFI support available in Android kernel versions 4.9 and 4.14. This post describes how kernel CFI works and provides solutions to the most common issues developers might run into when enabling the feature.[…]


HowToForge: Building and flashing a secured AOSP build with verified boot and separate lockscreen password for the Nexus 5X

[…]This tutorial aims to provide detailed instructions on how to solve these caveats, building and flashing AOSP for the Nexus 5X with verified boot and using separate lockscreen/encryption secrets.

vdexExtractor: Unhide APIs when decompiling files from Android P

vdexExtractor is a tool to decompile & extract Android Dex bytecode from Vdex files.

CopperheadOS: rebooting


There’re also a series of tweets to show the current perspective of open source software (”source-available software’):

Haven and evil maids

Dealing with Evil Maid exploits and how to protect your company.
Giulio D’Agostino
August 18, 2018

An Evil Maid assault is when a device has physically tampered without the device owner’s knowledge. Evil Maid attacks where a bootloader has been installed onto the victim’s computer which defeats full disk encryption. Now, however, thanks to solutions like Edward Snowden’s new Android program, which is called Haven, people can help prevent Evil Maid strikes and protect their devices from physical tampering while they’re not present.[…]This program is vital for those that have sensitive information on their devices and need extra protection against Evil Maid attacks. […]

Seealso: YONTMA and DoNotDisturb

AndroidHardening’s Auditor app for Android


 Hardware-based attestation app for select Android devices. It can do either local verification with another Android device via QR code or scheduled server-based verification. It primarily relies on Trust On First Use using the hardware-backed keystore and key attestation. The initial unpaired verification relies on key attestation root.

Google Android: Pixel firmware security updates

[…]To prevent attackers from replacing our firmware with a malicious version, we apply digital signatures. There are two ways for an attacker to defeat the signature checks and install a malicious replacement for firmware: find and exploit vulnerabilities in the signature-checking process or gain access to the signing key and get their malicious version signed so the device will accept it as a legitimate update. The signature-checking software is tiny, isolated, and vetted with extreme thoroughness. Defeating it is hard. The signing keys, however, must exist somewhere, and there must be people who have access to them.[…]

Heather Mahalik: Android and iIOS smartphone acquisition techniques

Smartphone Acquisition: Adapt, Adjust and Get Smarter!
June 25, 2018 Heather Mahalik Leave a comment

June 25, 2018

I have been recently asked by students for a summary on how to handle smartphone acquisition of iOS and Android devices. I have avoided writing it down, like I would avoid the Plague, because mobile changes so quickly and I don’t want people to read something and live by it. I wrote this on my plane ride to Vancouver, so forgive any typos or briefness in this blog.[…]

GPUTop: a GPU profiling tool

Intel posted info about a new blog post using GPUTop with Caledon (Intel-flavored Android):

We are excited to bring out a new tutorial for profiling gpu on Android. Gputop exposes many GPU parameters module wise such as frequency, busyness, threads, EU activeness etc. These are very helpful in identifying performance bottlenecks as well as impact of performance improvements on the GPU either through graphics software stack or through the graphics application. If you are learning/ new to gpu, this should attract you even more. Please take a look, try out and feel free to share your feedback.

GPU Top is a tool to help developers understand GPU performance counters and provide graphical and machine readable data for the performance analysis of drivers and applications. GPU Top is compatible with all GPU programming apis such as OpenGL, OpenCL or Vulkan since it primarily deals with capturing periodic sampled metrics. GPU Top so far includes a web based interactive UI as well as a non-interactive CSV logging tool suited to being integrated into continuous regression testing systems. Both of these tools can capture metrics from a remote system so as to try an minimize their impact on the system being profiled. GPUs supported so far include: Haswell, Broadwell, Cherryview, Skylake, Broxton, Apollo Lake, Kabylake, Cannonlake and Coffeelake.