IT Technology Interactive Exchange Platform

Android Penetration Testing Study Guide, Chapter 8: ARM Exploitation

Source: collected by IT165  Published: 2016-12-09 21:39:21

Chapter 8: ARM Exploitation

Author: Aditya Gupta

Translator: 飞龙

License: CC BY-NC-SA 4.0

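In this chapter, we will learn the basics of ARM processors and the different types of vulnerabilities that exist in the ARM world. We will even go on to exploit these vulnerabilities in order to get a clear picture of the whole scenario. In addition, we will look at different Android root exploits and the underlying vulnerabilities they rely on. Given that most Android smartphones today use ARM-based processors, it is essential for penetration testers to understand ARM and the security risks that come with it.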

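8.1 Introduction to the ARM architecture

ARM is an architecture based on a reduced instruction set (RISC), which means it has far fewer instructions than machines based on a complex instruction set (CISC). ARM processors are found in almost every device around us, such as smartphones, TVs, e-book readers and many other embedded devices.

ARM has a total of 16 visible general-purpose registers, R0-R15. Of these 16, five are used for special purposes. These five registers and their names are:

R11: Frame pointer (FP)
R12: Intra-procedure register (IP)
R13: Stack pointer (SP)
R14: Link register (LR)
R15: Program counter (PC)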

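The following figure shows the ARM architecture:

Of the five, we will focus on these three in particular:

Stack pointer (SP): the register that holds the pointer to the top of the stack
Link register (LR): stores the return address when the program enters a subroutine
Program counter (PC): stores the address of the next instruction to be executed

Note

One point to note here is that the PC will always point to the instruction to be executed, rather than simply pointing to the next instruction. This is due to a concept called pipelining, in which instructions are processed in the following order: fetch, decode and execute. To control program flow, we need to control the value in either PC or LR (the latter eventually leads us to control of PC).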

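Execution modes

ARM has two different execution modes:

ARM mode: in ARM mode, all instructions are 32 bits in size
Thumb mode: in Thumb mode, most instructions are 16 bits

The execution mode is determined by the state in the CPSR register. There is also a third mode, Thumb-2, which is simply a mix of ARM mode and Thumb mode. We will not go into the differences between ARM and Thumb modes in this chapter, as that is beyond the scope of this book.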

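8.2 Setting up the environment

Before starting to exploit vulnerabilities on the ARM platform, it is recommended that you set up an environment. Even though the emulator in the Android SDK runs by emulating the ARM platform, and most smartphones are ARM-based as well, we will begin ARM exploitation by configuring QEMU, an open-source hardware virtualizer and emulator.

To perform all of the following steps on an Android emulator or device, we would need to download the Android NDK and use the tools it provides to compile our binaries for the Android platform. However, if you use a Mac environment, installing QEMU is relatively easy and can be done by typing brew install qemu. Now let's configure QEMU on an Ubuntu system. Follow these steps:

The first step is to download and install QEMU, installing its dependencies first, as shown: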

sudo apt-get build-dep qemu
wget http://wiki.qemu-project.org/download/qemu-1.7.0.tar.bz2

Next, we only need to configure QEMU, specifying ARM as the target, and finally build it. So we simply extract the archive, change into the directory and run the following commands:

./configure --target-list=arm-softmmu
make && make install

Once QEMU is installed successfully, we can download a Debian image for the ARM platform to practise exploitation on. The list of required downloads is at http://people.debian.org/~aurel32/qemu/armel/.

Here we will download the disk image in qcow2 format, which is a QEMU-based operating system image format; our operating system image is debian_squeeze_armel_standard.qcow2. The kernel file should be vmlinuz-2.6.32-5-versatile, and the RAM disk file should be initrd.img-2.6.32-5-versatile. Once we have downloaded all the necessary files, we can start the QEMU instance by running the following command:

qemu-system-arm -M versatilepb -kernel vmlinuz-2.6.32-5-versatile \
  -initrd initrd.img-2.6.32-5-versatile \
  -hda debian_squeeze_armel_standard.qcow2 \
  -append 'root=/dev/sda1' --redir tcp:2222::22

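The redir option simply forwards host port 2222 to the guest's SSH port 22, so that we can log in to the emulated system over ssh on port 2222.
Once configuration is complete, we can log in to the Debian QEMU instance with the following command: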

ssh root@[ip address of Qemu] -p 2222

At login we are asked for a username and password; the default credentials are root:root. Once we have logged in successfully, we will see something similar to the screenshot shown below:

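8.3 Simple stack-based buffer overflow

Simply put, a buffer is a place that stores data of any kind. When the data in a buffer exceeds the size of the buffer itself, an overflow occurs. An attacker can then carry out an overflow attack to gain control of the program and execute a malicious payload.

Let's use a simple example program and see how we can exploit it. In the screenshot below, we have a simple program with three functions: vulnerable, ShouldNotBeCalled and main. This is the program we are trying to exploit:

The ShouldNotBeCalled function is never called during the entire run of the program.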

The vulnerable function simply …

echo 0 > /proc/sys/kernel/randomize_va_space
gcc -g buffer_overflow.c -o buffer_overflow

Next, we can simply load the binary into the GNU Debugger, GDB for short, and start debugging it, as shown in the following command:

gdb -q buffer_overflow

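Now we can use the disass command to disassemble a specific function, here ShouldNotBeCalled, as shown in the following screenshot:

As we can see in the screenshot above, the ShouldNotBeCalled function starts at memory address 0x00008408. If we look at the disassembly of main, we see that the vulnerable function is called at 0x000084a4 and returns at 0x000084a8. So, since the program enters the vulnerable function and uses the unsafe strcpy, which does not check the size of the string being copied, if we can control the subroutine's LR when the program enters the vulnerable function, we can control the entire program flow.

The goal here is to work out when LR gets overwritten and then place the address of ShouldNotBeCalled there, so that ShouldNotBeCalled is called. Let's start by running the program with a long argument, as shown in the following commands, and see what happens. Before that, we also need to set breakpoints on the vulnerable function and at the address of the strcpy call.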

b vulnerable 
b *<address of the strcpy call>

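Once the breakpoints are set, we can run our program with the argument AAAABBBBCCCC and see how the stack gets overwritten. We notice that it hits the first breakpoint at the call to the vulnerable function, and then the next breakpoint at the strcpy call. Once it reaches the breakpoint, we can analyse the stack with the x command, specifying the address from SP, as shown in the following screenshot:

We can see that the stack has been overwritten with the buffer we supplied (ASCII: 41 stands for A, 42 for B, and so on). From the screenshot above, we see that we still need four more bytes to overwrite the return address, which in this case is 0x000084a8.

So the final string is 16 bytes of junk followed by the address of ShouldNotBeCalled, as shown in the following command: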

r `printf 'AAAABBBBCCCCDDDD8?'` 

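We can see in the screenshot below that we have added the starting address of ShouldNotBeCalled to the argument:

Note that because this is a little-endian architecture, the bytes are written in reverse order. Once we run it, we can see that the program's ShouldNotBeCalled function gets called, as shown in the following screenshot: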
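
The root cause exploited in this section is the unbounded strcpy() into a fixed-size stack buffer. The following C code is an added example, not the book's listing (which is not reproduced on this page): it shows the vulnerable shape beside a bounded copy that rejects oversized input; BUF_SIZE, copy_bounded and hardened are assumed names and values.

```c
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 10 /* assumed size; the page's own listing is not shown */

/* Vulnerable shape described in this section: strcpy() copies until the
 * terminating NUL and never looks at the size of the destination. */
void vulnerable(const char *arg) {
    char buff[BUF_SIZE];
    strcpy(buff, arg); /* overflows when strlen(arg) >= BUF_SIZE */
    printf("copied: %s\n", buff);
}

/* Bounded copy: returns 0 on success, -1 if src (with its NUL) does not
 * fit into dst_size bytes. Nothing is written to dst on rejection. */
int copy_bounded(char *dst, size_t dst_size, const char *src) {
    const char *nul;
    if (dst == NULL || src == NULL || dst_size == 0)
        return -1;
    nul = memchr(src, '\0', dst_size); /* look no further than dst can hold */
    if (nul == NULL)
        return -1;                     /* no NUL in range: input too long */
    memcpy(dst, src, (size_t)(nul - src) + 1);
    return 0;
}

/* Hardened counterpart of vulnerable(): fails closed on long input. */
int hardened(const char *arg) {
    char buff[BUF_SIZE];
    if (copy_bounded(buff, sizeof buff, arg) != 0) {
        fprintf(stderr, "argument too long, refusing to copy\n");
        return -1;
    }
    printf("copied: %s\n", buff);
    return 0;
}

int main(int argc, char **argv) {
    if (argc < 2)
        return 0;
    return hardened(argv[1]) == 0 ? 0 : 1;
}
```

Building with -fstack-protector-strong and leaving /proc/sys/kernel/randomize_va_space at its default of 2, rather than the 0 set for this exercise, adds defence in depth but does not replace the length check.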

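8.4 Return-oriented programming

In most cases, we do not need to call another function that exists in the program itself. Instead, we need to place shellcode in our attack vector, which will carry out whatever malicious action we specify in the shellcode. However, on most ARM-based devices, regions of memory are non-executable, which prevents us from placing and executing shellcode.

Attackers therefore have to rely on what is called return-oriented programming (ROP), which is simply the chaining together of instruction fragments from different parts of memory so that, in the end, our shellcode is executed. These fragments are also called ROP gadgets. To chain ROP gadgets, we need to find gadgets that contain a jump instruction, which allows us to jump to another location.

For example, if we disassemble seed48() while the program is running, we will notice the following output:

If we look at the disassembly, we notice that it contains an ADD instruction followed by a POP and a BX instruction, which makes it a perfect ROP gadget. Here, an attacker might reason that, to use it as a ROP gadget, they first jump to the POP instruction that controls r4, then place a value 6 less than the address of /bin/sh into r4 and the address of the ADD instruction into LR. Thus, when we jump back to the ADD, that is R0 = R4 + 6, we have the address of /bin/sh in R0, and we can then supply any junk address for R4 and the address of system() for LR.

This means that we will eventually jump to system() with the argument /bin/sh, which will execute a shell. In the same way, we can create any ROP gadget chain and make it execute whatever we need. Since ROP is one of the most complex topics in exploit development, you are strongly encouraged to try it yourself, analysing the disassembled code and building the exploit.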

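8.5 Android root exploits

Since the early versions of Android, root exploits have appeared for each subsequent version and for the builds of different Android device manufacturers. Rooting Android, simply put, means gaining privileged access to the device that the manufacturer does not grant to the user by default. These root exploits take advantage of various vulnerabilities present in the Android system. The following is a list of some of them, along with the idea each exploit is based on:

Exploid: Based on the CVE-2009-1185 vulnerability in udev, the Android component responsible for USB connections, which did not verify whether Netlink messages (messages that connect the Linux kernel with user space) originated from the genuine source or were forged by an attacker. An attacker can therefore simply send a udev message from user space and escalate privileges.
Gingerbreak: Another exploit, based on a vulnerability in vold that is similar to the one used by Exploid.
RageAgainstTheCage: This exploit is based on RLIMIT_NPROC, which specifies the maximum number of processes that can be created for a user when the setuid function is called. The adb daemon starts as root and then uses the setuid() call to drop privileges. However, if the maximum number of processes has been reached according to RLIMIT_NPROC, the setuid() call fails, privileges are not dropped, and adb continues to run as root.
Zimperlich: Uses the same concept as RageAgainstTheCage, but it depends on the zygote process dropping root privileges.
KillingInTheNameOf: Exploits a vulnerability in an interface called ashmem (the shared memory manager), which is used to change the value of ro.secure, the value that determines the root status of the device.

These are some of the best-known Android exploits used to root Android devices.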
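
The RageAgainstTheCage item above comes down to a setuid() return value that is never checked. The following C code is an added example, not code from the book or from adbd: it contrasts the unchecked pattern with a fail-closed one; setuid_at_nproc_limit, drop_unchecked and drop_checked are hypothetical names, and the failing setuid() is simulated so the demo needs no root.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* setuid() is passed in as a pointer so the failure can be simulated
 * without root and without actually exhausting RLIMIT_NPROC. */
typedef int (*setuid_fn)(uid_t);

/* Constructed stand-in for setuid() failing because the target user is
 * already at its process limit: the process identity is left unchanged. */
int setuid_at_nproc_limit(uid_t uid) {
    (void)uid;
    errno = EAGAIN;
    return -1;
}

/* Weak pattern: the return value is ignored, so the caller continues
 * with its old identity (root, in the adb case described above). */
int drop_unchecked(setuid_fn do_setuid, uid_t target) {
    do_setuid(target);
    return 0; /* reports success whether or not the drop happened */
}

/* Hardened pattern: fail closed on error, then confirm that both the
 * real and effective UID really are the target. */
int drop_checked(setuid_fn do_setuid, uid_t target) {
    if (do_setuid(target) != 0)
        return -1; /* caller must exit here, never continue */
    if (getuid() != target || geteuid() != target)
        return -1;
    return 0;
}

int main(void) {
    uid_t me = getuid(); /* dropping to our own UID needs no privilege */
    printf("unchecked, failing setuid: %d\n",
           drop_unchecked(setuid_at_nproc_limit, me));
    printf("checked,   failing setuid: %d\n",
           drop_checked(setuid_at_nproc_limit, me));
    printf("checked,   real setuid:    %d\n", drop_checked(setuid, me));
    return 0;
}
```

A daemon that receives -1 from drop_checked should terminate immediately instead of serving requests with its original identity.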

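Summary

In this chapter, we learned about the different ways of exploiting Android and ARM. Hopefully this chapter is a good start for anyone who wants to go deeper into ARM exploitation.

In the next chapter, we will learn how to write an Android penetration testing report.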
