Demo Exploits and Vulnerable APKs for my HitCon'14 topic
Java
Switch branches/tags
Nothing to show
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Failed to load latest commit information.
HackCleanMaster
HackGoSms
HackLango
vulnerableAPK
.gitignore
LICENSE
README.md

README.md

ComponentHijackingExploit

Intro

Here are the demo exploits and vulnerable apks for my HitCon'14 presentation titled "On the Feasibility of Automatically Generating Android Component Hijacking Exploits".

Overview

In this talk, we conduct an empirical study to explore the feasibility of automatically generating exploits for vetting component hijacking vulnerabilities in Android apps. Our study takes our hands-on exploit analysis for several real vulnerable apps as basis, and meanwhile reflects them to high-level analysis. Through this process, we identify several challenges that need to be addressed for a robust exploit generation technique, and some of them are first pinpointed. In particular, we believe one challenge is nearly impossible to be automatically tackled, if no domain knowledge is pre-provided. Overall, an automatic, accurate, and efficient solution for generating component hijacking exploits remains enough room to explore.

Exploits

Vulnerable APKs

GO SMS Pro has two versions: 4.35 and 5.23, but I missed the 5.23 apk. So I only include its Manifest and Jar files.