Thursday, January 10, 2013

Android kernel rootkit

This paper covers rootkit techniques that can be used in the Linux kernel underlying the Android platform on ARM (Advanced RISC Machine) processors. All the tests in this paper were performed on the Motoroi XT720 model (2.6.29-omap1 kernel) and the Galaxy S SHW-M110S model (2.6.32.9 kernel). Note that some contents may not apply to all smart platform machines, and there are some bugs that you can fix.

We have seen various Linux kernel hooking techniques from some pioneers ([1][2][3][4][5]). In particular, I am grateful to Silvio Cesare and sd, who introduced and developed the /dev/kmem technique. Read the references for more information.

In this paper, we are going to discuss a few hooking techniques.

 1. Simple and traditional hooking technique using kmem device.
 2. Traditional hooking technique changing sys_call_table offset in
    vector_swi handler.
 3. Two newly developed hooking techniques changing interrupt
    service routine handler in exception vector table.
