Hi all! We are a couple of Information Technology Engineering students and we are doing research work, for the IT Security exam, on the possibility of performing buffer overflow attacks on Android devices.
We know that the current version supports ASLR, ProPolice and NX. We have already disabled ProPolice (using LOCAL_CFLAGS := -fno-stack-protector in the Makefile); ASLR is not a problem because our simple shellcode doesn't jump to external code pieces: it calls the needed syscalls through their identifiers. The problem is that we aren't able to make the process stack executable! We don't know if and how it is possible. In order to test our shellcode, we tried it on an old version of Android, 1.5 (where the stack was executable), and it works fine.

Our configuration is the following:

* Eclipse Java EE IDE for Web Developers version 3.7.1 Indigo (32 bit) on a Windows 7 box.
* Android SDK revision 16.
* Android 4.0.3 Ice Cream Sandwich with API level 15.
* Android NDK release 7.
* The Android Virtual Device virtualizes a Cortex-A8 based on ARMv7.
* For the debugging we are working with the Eclipse plugin: Keil ARM Development Studio 5 Community Edition version 5.8.

Is there someone who can help us? Thank you in advance!

Antonio and Christian
