Kobold

Kobold is a framework to study NSXPC-based system services using a combination of static and dynamic analysis. Using Kobold, we discovered multiple NSXPC services with confused deputy vulnerabilities and daemon crashes. Our findings include the ability to activate the microphone, disable access to all websites, and leak private data stored in iOS File Providers.

The Kobold paper (Kobold: Evaluating Decentralized Access Control for Remote NSXPC Methods on iOS), presented at IEEE S&P 2020, details the architecture and implementation of Kobold and our findings.

Kobold is open source software released under the 3-clause BSD license.

Authors:

Luke Deshotels, North Carolina State University, Samsung Research America
Costin Carabaș, University POLITEHNICA of Bucharest
Jordan Beichler, North Carolina State University
Răzvan Deaconescu, University POLITEHNICA of Bucharest
William Enck, North Carolina State University

Name		Name	Last commit message	Last commit date
Latest commit History 5 Commits
analyze_crashes		analyze_crashes
automated_debugger		automated_debugger
checkDocumentedDataTypes		checkDocumentedDataTypes
entitlement_queries		entitlement_queries
find_sandbox_accessible_mach_ports		find_sandbox_accessible_mach_ports
map_methods_to_mach_ports		map_methods_to_mach_ports
my_experiments		my_experiments
reorg_kobold		reorg_kobold
statically_enumerate_mach_ports_and_protocols		statically_enumerate_mach_ports_and_protocols
utils		utils
LICENSE		LICENSE
README.md		README.md

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

Kobold

About

Releases

Packages

Contributors 2

Languages

License

malus-security/kobold

Folders and files

Latest commit

History

Repository files navigation

Kobold

About

Topics

Resources

License

Stars

Watchers

Forks

Releases

Packages 0

Contributors 2

Languages

Packages