On Thu, Sep 19, 2013 at 3:39 AM, H. Maqbool <[email protected]> wrote:
> HI, I need to test and verify the aslr implementation in different android
> versions. I knew its fully implemented but i need to learn how to test its
> functionality as jon oberheide showed in his blogs. Can anyone guide me
> please?
>
What precisely are you trying to test?
If a system supports ASLR? If so:
$ cat /proc/sys/kernel/randomize_va_space
2
0 = off, 1 = stack, 2 = mmap
If you want to check if the EXE was built with ASLR support:
readelf -l <program> | grep -i "file type"
"DYN" is good, "EXE" is bad.
If the standard Linux readelf does not produce correct results, you
will have to use the tools from the NDK.
For completeness: ASLR was cut-in at Android 4.1. See Memory
Management Security Enhancements,
http://source.android.com/devices/tech/security/index.html. If you try
and run a program built with -fPIE and -pie on Android 4.0.3, you will
get:
shell@android: $ ./pie-testexe
[2] + Stopped (signal) ./pie-testexe
[1] - Segmentation fault ./pie-testexe
Jeff
--
You received this message because you are subscribed to the Google Groups
"Android Security Discussions" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
Visit this group at http://groups.google.com/group/android-security-discuss.
For more options, visit https://groups.google.com/groups/opt_out.
