Question about crazylinker on Android

  • Question about crazylinker on Android

    I've been analyzing v8 JavaScript filewriter vulnerabilities for the last few months. I have successfully converted a 64-bit exploit to a 32-bit exploit, but I finally failed in converting the 32-bit exploit to the mobile Android version. I'm analyzing how crazylinker causes problems in computing offsets on Android, but I can't find a clue to solve the problem. Does crazylinker affect the offset calculation, or doesn't it? Where are the technical documents related to this? Please help me if anyone knows. Why should I do this? I am dizzy, so I have to rest. Watching this crazy video would be better for my mental health.


  • #2
    I researched the operation of CrazyLinker. First of all, I found this information.
    By fixing the offset by 0xAC, I was able to correct the offset value of the variable found by binary analysis.
    Why is there a gap difference of 0xAC in memory mapping?
    I will analyze and write about this reason later.

    P.S:
    The image is too large and blurry. After registering, you can download the compressed image file.
    0xAC is the gap offset from the base address of libchrome.so.

    [Attachment: maps.png]

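The "gap from the base address" in #2 can be made concrete by reading the process's /proc/&lt;pid&gt;/maps: the load base is where file offset 0 sits in memory, and each file-backed segment should start at base + its file offset. If a loader such as Chromium's crazy_linker (its custom loader for libchrome.so on Android) places a segment elsewhere, addresses derived from static analysis as base + offset will be off by that segment's shift. The script below is an added example, not code from this thread or from Chromium; the map lines, paths and the 0x1000 shift in the third segment are constructed to show the check, and the function names are the example's own.

```python
"""Compute a shared library's load base from /proc/<pid>/maps and report any
segment whose runtime placement differs from what the ELF file offsets predict.

Added example for the thread, not code from the forum or from Chromium.
The map lines are constructed to show the format; they are not the poster's
screenshot, and the 0x1000 shift below is illustrative, not a crazylinker fact.
"""
import re

# One /proc/<pid>/maps line: start-end perms offset dev inode [path]
MAPS_LINE = re.compile(
    r"^(?P<start>[0-9a-f]+)-(?P<end>[0-9a-f]+)\s+(?P<perms>\S{4})\s+"
    r"(?P<offset>[0-9a-f]+)\s+(?P<dev>\S+)\s+(?P<inode>\d+)\s*(?P<path>.*)$"
)

# Constructed 32-bit sample: four file-backed mappings of libchrome.so plus
# its anonymous bss. The third segment is placed one page later than
# base + file offset would predict.
SAMPLE_MAPS = """\
c3a00000-c3a10000 r--p 00000000 fd:00 1234  /data/app/com.example/lib/arm/libchrome.so
c3a10000-c5000000 r-xp 00010000 fd:00 1234  /data/app/com.example/lib/arm/libchrome.so
c5001000-c5200000 r--p 01600000 fd:00 1234  /data/app/com.example/lib/arm/libchrome.so
c5200000-c5300000 rw-p 01800000 fd:00 1234  /data/app/com.example/lib/arm/libchrome.so
c5300000-c5400000 rw-p 00000000 00:00 0     [anon:libchrome.so bss]
"""


def parse_maps(text):
    """Parse maps text into dicts with integer start/end/offset fields."""
    rows = []
    for line in text.splitlines():
        m = MAPS_LINE.match(line.strip())
        if not m:
            continue  # skip blank or malformed lines rather than guessing
        rows.append({
            "start": int(m["start"], 16),
            "end": int(m["end"], 16),
            "perms": m["perms"],
            "offset": int(m["offset"], 16),
            "path": m["path"].strip(),
        })
    return rows


def library_layout(rows, name):
    """Return (base, segments) for the file-backed mappings of `name`.

    base is where file offset 0 sits in memory (lowest mapping start minus its
    file offset). Each segment tuple is (start, perms, file_offset, delta),
    where delta = start - (base + file_offset); a non-zero delta means the
    loader did not place that segment where the file layout predicts, so
    base + static offset will not hit the intended location.
    """
    segs = [r for r in rows if r["path"].rsplit("/", 1)[-1] == name]
    if not segs:
        raise ValueError(f"{name} not found in maps")
    first = min(segs, key=lambda r: r["start"])
    base = first["start"] - first["offset"]
    segments = []
    for r in sorted(segs, key=lambda r: r["start"]):
        delta = r["start"] - (base + r["offset"])
        segments.append((r["start"], r["perms"], r["offset"], delta))
    return base, segments


def shifted_segments(rows, name):
    """Only the segments whose placement deviates from the file layout."""
    _, segments = library_layout(rows, name)
    return [s for s in segments if s[3] != 0]


if __name__ == "__main__":
    rows = parse_maps(SAMPLE_MAPS)
    base, segments = library_layout(rows, "libchrome.so")
    print(f"libchrome.so base: {base:#x}")
    for start, perms, off, delta in segments:
        print(f"  {start:#010x} {perms} file+{off:#09x} delta={delta:#x}")
```

Run it against `cat /proc/<pid>/maps` output from a real device instead of the constructed sample to see whether any libchrome.so segment reports a non-zero delta; a clean layout (all deltas zero) rules the loader out as the source of an offset mismatch, and a non-zero delta tells you which segment is shifted and by how much.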


    • #3
      [Attachment: crazytest.png]
