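"My Other ClassLoader Is Your ClassLoader: Creating Evil Twin Instances of a Class.pdf" was shared by a member and can be read online (44 pages). More related documents can be found by searching on 三个皮匠报告.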
My other ClassLoader Is Your ClassLoader
Dimitrios Valsamaras, Microsoft Threat Intelligence
#BHEU BlackHatEvents

About Me
  Engaged in computer security since 2002
  Focus on Mobile Security for the last 6 years
  Senior Security Researcher, Microsoft
  Ch0pin, /Ch0pin, /in/valsamaras

Outline
  How it ended
  Showcases
  Takeaways
  How it started
  Basic Concepts
  Common security issues
  How it was going

Basic Concepts
  ClassLoader Concepts
  [Figure: ClassLoader types: Bootstrap, UD 1, UD 1, UD 1, UD 0 (UD: User Defined)]

Basic Concepts
  [Figure: ClassLoader, BootClassLoader, BaseDexClassLoader, PathClassLoader, InMemoryDexClassLoader, DexClassLoader, SecureClassLoader; Dalvik VM, ART; d8 (.class), .dex, .apk]

Parcelables & Serializables
  [Figure: byte stream; class A implements java.io.Serializable; class A; class path; JVM-A, JVM-B]

Parcelables & Serializables
  [Figure: Obtained, Recycled]

Known Issues
  Serializables, Parcelables
  CVE-2014-7911 (Jan Horn)
  CVE-2015-3825 (Peles & Hay)
  CVE-2017-0806 (M. Bednarski)
  ?
  CVE-2021-0928 (M. Bednarski)
  android.os.BinderProxy
  OpenSSLX509Certificate

How it started
  Parcelable
  https:/ https:/

How it was going
  Let's reconstruct the class

How it was going
  Get the dex/apk files
  Use dex 2 jar
  Import the jar to the project

How it was going