Project Zero blog: Android StageFright ASLR bruteforce exploit via Chrome by Mark Brand - http://goo.gl/YBQBLs
Replying to @benhawkes
@benhawkes jemalloc's low-level building block is a 4M naturally aligned chunk so it zaps 10 bits of mmap entropy by aligning the heap.
Replying to @CopperheadOS
@benhawkes Any solution for this will come with a performance compromise. https://copperhead.co/2015/05/11/aslr-android-zygote#system-allocator
Replying to @CopperheadOS
@benhawkes Everything before the first jemalloc chunk has 18-bit entropy, everything after has 8-bit (note: jemalloc doesn't unmap chunks).
Replying to @CopperheadOS
@benhawkes https://github.com/copperhead-security/android_bionic/commit/e4f898fd73dc78043ddba77e3f2892cad4350c12 would help. I'm planning on trying to upstream it after adding best-fit reuse + higher 64-bit entropy.
Replying to @CopperheadOS
@benhawkes Sadly mediaserver uses runtime code generation for Widevine DRM. This isolates all other executable memory though.
@CopperheadSec Yeah, interesting - another factor: I think there have been cases of high fragmentation leading to crashes of popular apps.