
Finding input for unknown closed source binaries

Written by bcopos on August 24, 2015.

In this post, I briefly review some program analysis techniques (i.e. symbolic execution and fuzzing). Additionally, I present a simple method for generating valid input strings for unknown closed source binaries that I stumbled upon during one of my projects.


Let's be more considerate

Written by bcopos on October 2, 2014.

(NON TECHNICAL POST) What do you do when you're driving? Personally, I've spent a lot of time lately thinking and making observations about people not being considerate.


GDB with no symbols

Written by bcopos on August 11, 2014.

Recently, I had to use GDB for some debugging and profiling on a binary that was stripped. Impossible, you say! Actually, not so much. It's just a bit harder.


Expect Scripting

Written by bcopos on July 26, 2014.

Expect is an extension of the Tcl scripting language that allows a user to automate their interaction with a program's terminal interface. It is often used to automate SSH sessions, key generation and similar tasks. In my case, I am using Expect to script the interaction with a fuzzer and a remote program (over SSH).


GNU C __attribute__

Written by bcopos on July 20, 2014.

The GNU C `__attribute__` feature is a mechanism that not many know about but can be very useful. It allows you to attach various characteristics to a function declaration (and to variables and types). For my purposes, I used the `__attribute__` mechanism to add a signal handler for segmentation fault signals to an already-built binary.
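As an added example (not code from the original post), here is the kind of hook that summary describes: a SIGSEGV handler registered from a function marked `__attribute__((constructor))`, so it runs when the object is loaded rather than from any call site. The summary does not say how the handler was attached to the existing binary; this example assumes the shared-object-plus-`LD_PRELOAD` route, and the probe and accessor function names are mine.

```c
/* segv_hook.c: added example, not code from the original post.
 * A SIGSEGV handler installed from a GNU C constructor, so it can be
 * attached to an already-built binary without recompiling it. Assumed
 * injection method (not stated in the post):
 *   gcc -shared -fPIC -o segv_hook.so segv_hook.c
 *   LD_PRELOAD=./segv_hook.so ./stripped_target
 * The constructor runs when the object is loaded, before the target's main().
 */
#define _GNU_SOURCE
#include <setjmp.h>
#include <signal.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

static sigjmp_buf recover_point;
static volatile sig_atomic_t recover_armed = 0;
static volatile sig_atomic_t faults_seen = 0;
static void *volatile last_fault_addr = NULL;

/* write(2) is async-signal-safe; printf is not, so the handler uses only this. */
static void safe_write(const char *buf, size_t len)
{
    ssize_t n = write(STDERR_FILENO, buf, len);
    (void)n;
}

/* Format a pointer as 0x... followed by a newline, without stdio. */
static void write_hex_ptr(uintptr_t v)
{
    char buf[2 + sizeof(v) * 2 + 1];
    buf[0] = '0';
    buf[1] = 'x';
    for (size_t i = sizeof(v) * 2; i > 0; i--) {
        buf[1 + i] = "0123456789abcdef"[v & 0xf];
        v >>= 4;
    }
    buf[sizeof(buf) - 1] = '\n';
    safe_write(buf, sizeof(buf));
}

static void segv_handler(int sig, siginfo_t *info, void *ctx)
{
    (void)ctx;
    faults_seen++;
    last_fault_addr = info->si_addr;          /* faulting address, from the kernel */
    static const char msg[] = "[segv_hook] SIGSEGV at ";
    safe_write(msg, sizeof(msg) - 1);
    write_hex_ptr((uintptr_t)info->si_addr);

    if (recover_armed) {                       /* only the probe below arms this */
        recover_armed = 0;
        siglongjmp(recover_point, 1);
    }
    /* A real crash in the target: restore the default action and return, so the
     * faulting instruction re-executes and the process dies (core dump) exactly
     * as it would have without the hook, now with the address logged. */
    signal(sig, SIG_DFL);
}

int install_segv_handler(void)
{
    struct sigaction sa;
    memset(&sa, 0, sizeof(sa));
    sa.sa_sigaction = segv_handler;
    sa.sa_flags = SA_SIGINFO | SA_NODEFER;   /* SA_SIGINFO gives us si_addr */
    sigemptyset(&sa.sa_mask);
    return sigaction(SIGSEGV, &sa, NULL);
}

/* The __attribute__ in question: runs at load time, no call site needed. */
__attribute__((constructor))
static void segv_hook_init(void)
{
    install_segv_handler();
}

/* Ask sigaction(2) whether our handler is the one currently registered. */
int segv_handler_installed(void)
{
    struct sigaction cur;
    if (sigaction(SIGSEGV, NULL, &cur) != 0)
        return 0;
    return (cur.sa_flags & SA_SIGINFO) != 0 && cur.sa_sigaction == segv_handler;
}

/* Deliberately touch an unmapped low address; returns 1 if the hook caught it. */
int probe_segv_handler(void)
{
    volatile int *bad = (volatile int *)(uintptr_t)0x10;
    if (sigsetjmp(recover_point, 1) == 0) {
        recover_armed = 1;
        (void)*bad;                            /* SIGSEGV raised here */
        recover_armed = 0;
        return 0;                              /* reached only if no handler ran */
    }
    return 1;                                  /* siglongjmp from the handler lands here */
}

int segv_faults_seen(void) { return (int)faults_seen; }
void *segv_last_fault_addr(void) { return last_fault_addr; }

int main(void)
{
    printf("handler installed by constructor: %d\n", segv_handler_installed());
    printf("probe caught fault: %d (si_addr=%p)\n",
           probe_segv_handler(), segv_last_fault_addr());
    return 0;
}
```

Two things worth noting: the handler only recovers via `siglongjmp` for the self-test probe, where the faulting code is under its control; for a genuine crash in the target it logs and re-raises by restoring `SIG_DFL`, so the process still dies and dumps core as the fuzzer expects. Everything inside the handler is async-signal-safe; calling `printf` there would be a classic mistake.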


Android Binder IPC

Written by bcopos on July 12, 2014.

Inter-Process Communication (IPC) is a framework for exchanging signals (or data) across processes. Some options include shared memory, semaphores, files, pipes, etc. Another option is Binder. Binder is based on OpenBinder (fun fact: Dianne Hackborn, a key developer of OpenBinder, was recruited by Google's Android team to develop Binder). Android uses Binder for various purposes, and it is the underlying mechanism for several of the Android IPC methods (e.g. Intents, Messenger).

Binder takes an object-oriented approach to operating system design and implements a synchronous client-server IPC model.


Java vs. Dalvik VM

Written by bcopos on July 12, 2014.

Dalvik is the process virtual machine introduced by Android and used in its operating system. The Dalvik virtual machine plays an essential role in the Android OS: in order to provide isolation, each Android application runs inside its own Dalvik VM instance. But wait... Android applications are written in Java, no? Yes. Java class files are converted into `.dex` files by the `dx` tool. So why not just use the Java VM? Well, while Dalvik is similar to the JVM in some ways, there are some important differences.