HackDig : Dig high-quality web security articles for hackers

Rootkit Umbreon / Umreon - x86, ARM samples

Pokémon-themed Umbreon Linux Rootkit Hits x86, ARM Systems. Research: Trend Micro. There are two packages: one is the 'found in the wild' full package, the other a set of hashes from Trend Micro (all but one file are already in the full package). Download. Email me if you need the password. File information, Part one (full package): # | File Name | Hash Value | File Size (on
Publish At:2019-11-21 11:45 | Read:1299 | Comments:0 | Tags:ARM Linux rootkit Umbreon x86

Chinese ARM vendor left developer backdoor in kernel for Android, “Pi” devices

Allwinner, a Chinese system-on-a-chip company that makes the processor used in many low-cost Android tablets, set-top boxes, ARM-based PCs, and other devices, apparently shipped a version of its Linux kernel with a ridiculously easy-to-use backdoor built in. All any code needs to do to gain root access is send the text "rootmydevice" to an undocumented debug
Publish At:2016-05-11 16:40 | Read:4489 | Comments:0 | Tags:Risk Assessment Technology Lab Allwinner ARM backdoor

Google | Project Vault

Google’s Project Vault Is A Secure Computing Environment On A Micro SD Card, For Any Platform. Project Vault is a secure computer contained entirely on a micro SD sized device. Google’s ATAP said the micro SD format made sense because there are already advanced security features on your phone, contained in the SIM card, which protects the things importa
Publish At:2015-06-09 16:15 | Read:6311 | Comments:0 | Tags:Cyber Security Security Updates Technology 0xicf ARM ARTOS A

Mass-Scale Abuse of poorly configured SOHO Routers

Several dozen Imperva Incapsula customers were targeted by a DDoS botnet comprised of tens of thousands of hijacked SOHO routers. Security experts at Incapsula spotted a DDoS botnet composed of tens of thousands of malware-infected Small Office / Home Office (SOHO) routers engaged in application layer HTTP flood attacks. Th
Publish At:2015-05-13 04:35 | Read:4953 | Comments:0 | Tags:Breaking News Cyber Crime Hacking ARM botnet Cybercrime DDoS

Android Native API Hooking with Library Injection and ELF Introspection.

This post can be considered both part 2 of the previous "Dynamically inject a shared library into a running process on Android/ARM" and a proof of concept of the same, namely what can be done with library injection on Android. TL;DR I've updated the source code of the arminject project on github, adding a library that once injected into a process will
Publish At:2015-05-04 23:30 | Read:5577 | Comments:0 | Tags:hooking api hooking library android injection elf relocation

Using ARM Inline Assembly and Naked Functions to fool Disassemblers

In this post I want to share a simple trick I learned a while ago; it's nothing special, but if you think about it, it's quite nice :) Sometimes we want to obfuscate/hide strings in our program to make reversing more difficult, and the more common approach is to encrypt them somehow and put them inside binary buffers instead of plain ASCII strings. One downs
Publish At:2015-05-02 22:10 | Read:5099 | Comments:0 | Tags:hack ida arm assembly naked functions inline inline assembly

Dynamically inject a shared library into a running process on Android/ARM

If you're familiar with Windows runtime code injection you probably know the great API CreateRemoteThread, which lets us force an arbitrary running process to call LoadLibrary and load a DLL into its address space. This technique, called DLL Injection, is often used to perform user space API hooking; you can find a good post about it on Gianluca Braga's blog.
Publish At:2015-05-02 05:45 | Read:5274 | Comments:0 | Tags:hooking api hooking library android injection ptrace remote

Just-released Raspberry Pi 2 can be DoSed by bright flashes of light

A hardware enthusiast has stumbled on a curious vulnerability in the recently released next-generation Raspberry Pi computer: it crashes when exposed to certain types of flash photography and lights. The bug in the Raspberry Pi 2 was documented over the weekend in a post in the Raspberry Pi Foundation forums and Monday in a blog post by the same nonprofit
Publish At:2015-02-10 21:25 | Read:3521 | Comments:0 | Tags:Risk Assessment Technology Lab ARM denial-of-service DOS las

How hackers are exploiting vulnerable DVRs to conduct illegal activities

Security experts discovered new malware that targets DVRs and other Internet of Things devices, recruiting them for different illegal activities. DVR (Digital Video Recorder) systems from the Hikvision firm are affected by vulnerabilities that allow an attacker to hack them remotely. Digital Video Recorders are s
Publish At:2014-11-24 17:00 | Read:4535 | Comments:0 | Tags:Cyber Crime Hacking Malware ARM Bitcoins botnet Cybercrime D

ARM payload development

As I mentioned on Twitter earlier (@OwariDa, @ClevCode), using the excellent Hex-Rays ARM decompiler turned out to be quite handy for verifying the payload I’m developing and injecting into the XMM6260-based baseband in my Samsung S3 (GT-i9300). Rebooting my phone due to baseband crashes can be a bit time consuming. :D The specific research I’m do
Publish At:2014-08-09 19:05 | Read:4754 | Comments:0 | Tags:Research Android ARM Baseband Code Injection Samsung S3