-
7/24/2019 2015 01 (192)
1/145
!"#
. 12
Cover Story
ZERONIGHTS
2014
Android 5.0
. 36
Eiffel
. 90
Varnish
. 114
-
7/24/2019 2015 01 (192)
2/145
01 (192) : 25 .12.2014
, , , 16
.,-
, .
192 , ,
, .
, -
.
-. .
, -
. -
.
, -, --, - .
,
, .
, , -
, , ][--
. , , ][
.
, ZN, , ,
. -, . -
, , ,
, .
!
ZN, -
, , .
ZN , ,
, PR, , , -, . ZN
,
. ,
, -
, .
, ,
, , ZN, ][
!
Stay tuned, stay ][!
,
][
@IlyaRusanen
[email protected]
[email protected]
: [email protected].: 115280,,.-,. 19,.: : 606400, .,-,.,.,. 13.: ,
614111,, . , . , . 26. ,(-),77-5675629.01.2014.Scanweb, P L 116,
Korjalanka tu 27, 45101Kouvola,.96 500. 450...,-, . .-:
[email protected]. , , 2015
PC ZONE, UNITS
[email protected]
[email protected]
ant
[email protected]
X-MOBILE
execbit.ru
Dr.
MALWARE,,
PHREAKING
[email protected]
UNIXOIDSYN/ACK
[email protected]
[email protected]
-
DVD
ant
[email protected]
D1g1
Security-
[email protected]
shop.glc.ru, [email protected], (495) 663-82-77, (800) 200-3-
999 (, , )
([email protected])
: , 109147,/50
PR-
[email protected]
[email protected]
16+
-
7/24/2019 2015 01 (192)
3/145
-
7/24/2019 2015 01 (192)
4/145
2015
192
004 MEGANEWS
012 ZERONIGHTS 2014:
020
022 Firefox Developer Edition
024 SEO
028 Linux-Android
036 security-Android 5.0
042 #3.
044 EASY HACK
048
054 IPMI/BMC-
058 ?
060
066 X-TOOLS C
068 2014 ,
076 2014 ][
082 R
086 MBAAS
090 , , Boeing
096 Sails.js MVC-
102 Rake
106 Parallels
108 , ,!
114 -Varnish120 ,SIP-
125 , Linux11
130 ESPER
135 Apache Tomcat UNIX-
140 FAQ
144 WWW2-
-
7/24/2019 2015 01 (192)
5/145
, -
-
Silk Road,
Silk Road 2.0.
Silk Road
,
Onymous.
Onymous -
. -
,
Tor. , Silk Road 2.0
, Cloud 9,
Hydra, Pandora, Blue Sky, Topix, Flugsvamp, Cannabis
Road Black Market,
, -
, . ,
Tor-,
. , -
: Cash Machine,
Cash Flow, Golden Nugget, Fast Cash . -
, -
Bitcoin 250 . , -
, , -
, .
-
, , : -
? ,
Tor.
, , -
.
, -
,
Onymous
. ,
. -
,
. ,
-
, -
,
Silk Road
2.0. ,
.
MEGANEWS
Mifrill
[email protected]
414.onion
.
17-
-
.
Silk RoadONYMOUS,
Silk Road
2.026-
(akaDefcon).Silk Road
2.0
,
,
.
Silk Road 2.0
.
-
7/24/2019 2015 01 (192)
6/145
,
, iPhone, -.,,
.
Palo Alto Networks , 400 Mac, iPhone iPad -
, WireLurker.
iCloud . -
WireLurker -
Maiyadi (). , , -
Apple, .
, ,
.
, WireLurker -
.
,
Enterprise.
. , ,
: (,
).
,APPLE,
-
, -
-
15
.
.
-
Mail.Ru, -
eBaza ,
,
.-
9,6
mail.ru, 2,5 -
yandex.ru 1,1 rambler.ru.
list.ru, bk.ru, narod.ru
yahoo.com. , -
, 100% -.
-
. , Mail.Ru , ,
,
0,2% . ,
,
- 200
. , 98,8%
, -
.
.
-/
. . , , . ,!, ,.
OS X (Yosemite).
Rootpipe
.,Apple
, .
01 /192/ 2015 5
-
7/24/2019 2015 01 (192)
7/145
,
SR Labs -
,
USB ? ,
,
.
(github.com/
adamcaudill/Psychson), -
.
(
: opensource.srlabs.de/projects/badusb ), -
USB-
: Phison, Alcor, Renesas, ASmedia, Genesys
Logic, FTDI, Cypress Microchip. -
,
PacSec.-
,
, , .
, -
, . ,
, ,
.
, -
Phison .ASmedia,
, . Genesys -
USB 3.0, USB 2.0. ,
, , ,
.
BADUSB
USB-
,BadUSB
,-
USB- (-
)-
-
.
,
.
Dropbox
451 Research.
, Dropbox
,
Dropbox
-
1000 -
, OneDrive. ,
18%
,
.
WordPress
-
WordPress 3.x, -
,.
,
JavaScript-, -
. WordPress 4.0
, -
WordPress 4.0.1.-
3.9.3, 3.8.5 3.7.5.
!"#
$$#-
, Google+ -. -,
, -, -
.
,
-Google,
01 /192/ 2015MEGANEWS6
-
7/24/2019 2015 01 (192)
8/145
-
,
. , , ,
,
.Bitcoin
, -
. ,
,
BC .
, ,
,
().
.
CryptoLabs ,
,
.-
Case.(86 !54)
, .
Case SIM-, -
60 .
, ,
, .
multi-signature, -
, BITCOIN-
,
NFC-(RFID-NTAG216, NFC Type 2)
,
. -
. . , -
,
. Case
, -
. , ,
-
, : , ,
E Ink , -
.
-
. Mr.Bitcoin
, -
,
.
,
, NFC-
(RFID- NTAG216,
NFC Type 2).:
.
-
-.
, Case
BC-.
-
Trezor. Trezor
-
, ,
,
. -
Case .
?
Microsoft ,
-
Windows 10.
,
, , -
, ?
-3:
:
Cortana
-
-
-
Windows Store !"
$%
-
&'
, -
&(
&)
Windows 8/8.1
&%
-
!"
$'
01 /192/ 2015 7
-
7/24/2019 2015 01 (192)
9/145
Mozilla Firefox -
. , Firefox 1.0 102004 , -
.
Firefox 33.1 , -
., Forget (), -
, .
-Google, 2004
., Firefox-
., Mozilla,
Google (
90% ). -
. ,
Yahoo, , Baidu.
Google, Bing, DuckDuckGo, eBay, Amazon, Twitter
Wikipedia. Google, DuckDuckGo, OZON.ru, Price.ru, Mail.Ru
Wikipedia. -
.
FIREFOX,
Google -
()
2014 . 75 -
, 11 . ,
2013 -
.
, Facebook Messenger, WhatsApp,
Hike Twitter. .
-
, ,
: -
(
), -
,
?. , -
.
Google -
No-CAPTCHA,
ReCAPTCHA. -
Snapchat, WordPress
HumbleBundle, .
, No-CAPTCHA , -
, .
, , -
IP- , -
, .
, ,
--
-
. -
,
,
. -
,
. -
Google -
.
,,
GOOGLENO-CAPTCHA
FIREFOXGOOGLE
Lamoda
LinguaLeo
-
Anywayanyday
Delivery Club
Aviasales
Telegram
2014
, :
01 /192/ 2015MEGANEWS8
-
7/24/2019 2015 01 (192)
10/145
Z Launcher-
-,
-
Nexus 5, Galaxy
S5, S4, S3, Moto X,
Moto G, HTC One, Sony
Xperia Z1.
-
.
-
zlauncher.com.
2016 Samsung -
-
Apple (
Samsung 80%
). Samsung
2014 --
Apple,
.
.
Super Mario Brothers, Call
of Duty.
()
5
140 .
Sandisk -
SSD-DIMM, -,
. UltraDIMM -
DDR3.
Google -
-
OS X
, Santa.
-
inhouse,
. Microsoft
-
:).
Nokia
Microsoft, . Nokia
Nokia
N1 Android 5.0. , Nokia
2016 . .
iPad Mini, Nokia -
, , N1
, iPad, . -
: -
, IPS-7,9 (2048 !1536)
Gorilla Glass 3. N1Intel Atom Z3580 2 -
(LPDDR3). -(eMMC 5.0) 32 . -
, 8 5 ,
5300 Wolfson WM8958E. , N1
micro-USB 2.0 Type-C .
250 .
-
. Nokia Z Launcher.
, :
, -
( ).
Nokia .
,
. , -
. , , .
... . , -
, .
, Z Launcher , -
, , .
, . -
.
NOKIAZ LAUNCHER
01 /192/ 2015 9
-
7/24/2019 2015 01 (192)
11/145
: -
.
,
.
Facebook Twitter, , : -
, .
Twitter .
, -
. ? :
Twitter . -
..
Facebook . 1 -,.Facebook
(, -
) , -
. , ,
, , , -
().
.? , -
.
TWITTER FACEBOOK
-.-
-, AAA-.
Minecraft ,-.
,Facebook -
-
,
,-
,
.
10
Facebook
Facebook -
-
2014 .
(4960 ), (1893), -
(1773). , ,
29.
, ,
, ,. ,
15 -
, 3 ,
.
Bitcoin
BC
319. -
,
, -
Silk Road 2.0, ,
, , -
. . ,
, -
400 . ,
,
BC :).
!"##
$% ###
01 /192/ 2015
-
7/24/2019 2015 01 (192)
12/145
Raspberry Pi Model B+,
,
Model A. , : Raspberry Pi Model
A+ .
, -
:-, ,
,
.-
.
Model A+ :
86 65.23 .--
Broadcomm BCM2385 ARM11
700, 256HDMI. -
, ,
. Model A+ USB (-
, Model B+ ), 40-
GPIO microSD. , -
20 .
, , , (,
). ,
. ,
IMP Ubuntu . IMP
(200 -
), :
(11 !11 ) Odroid U3 HardKernel, -
ARM Cortex-V9 1,7 , 2 16
. 20 -
Wireless HDMI, 20
. -Ubuntu 14.04 LTS , IMP
,
.
,
IMP, -
34%
(33 799100 000
).
,
,
-
.
Google Play
Services ,
Google
Copresence,
iOS
Android. ,
Bluetooth Wi-Fi.
Microsoft:
Microsoft Office iOS Android
.
Office 365 .
WhatsApp
end-to-end.
Cryptocat, Silent
TextTelegram, WhatsApp -
, -
.
: Microsoft
Xbox,
, APU
20-.
APU 28--
-
.
01 /192/ 2015 11
-
7/24/2019 2015 01 (192)
13/145
. -. . , --Security
Vacation Club. DSec, , .
!"#$%&'()*
:
[email protected]
ZeroNights,
. -
, ,
, ,
. Digital Security, -
ZN, -
-
.
ZN .
, -
, mobile web securiry, -
defensive-
(
, ,
ZN).
-
. ZN-
-
, ,
,
afterparties
:).
-
ZN2014 ,
-
. ,
ZN
, ,
, , -
. Go on!
01 /192/ 2015Cover Story12
-
7/24/2019 2015 01 (192)
14/145
01 /192/ 2015 ZeroNights 2014: 13
-
7/24/2019 2015 01 (192)
15/145
ZN
-/Jean-Philippe (JP) Aumasson
:
Kudelski Security.
ZeroNights 2014:
Heartbleed, OpenSSL, LibreSSL Truecrypt,
, Crypto
Coding Standard.
-/ Jake McGinty
:Open Whisper
Systems.
ZeroNights 2014:-
, --
,
-
,
-
, ,
.
:Kudelski
Security, -
.
ZeroNights 2014:
Workshop,
,
;
DES; -
AES.
,
? ,
. ,
ZeroNights ,
. -
: , , ,
. ,
. , . -
,
, , --
.
, .
. ,
, , -
, . , ,
, , . , -
, , .,
, . -
, ,
. , , -
.
, , Hardware Village, ,
, , -
. , . , --
, ,
Hardware Village -
. , -
, Hardware Village
, . ,
! , !
Cover Story14
-
7/24/2019 2015 01 (192)
16/145
Web-security
/ Nicolas Gregoire
:
.
ZeroNights 2014:, -
25
.
:-
Wallarm,
][.
ZeroNights 2014:
-,
, -
.
:
bug bounty ,
][ -
, ,
Xakep.RU :).
ZeroNights 2014:,
. -
, -
-
,
,
, (,
) .
,][. -
. : ZeroNights
. ,
, -
.: , -
.
, .
fast tracks ( 15-
) , , , , , -
.
ZN .
, , -
, , -
][. ,
, ,
, 2014-
:).
, -. ZN
.
: .
ZeroNights 2014: 15 01 /192/ 2015
-
7/24/2019 2015 01 (192)
17/145
, DSec,X-Tools ,
.
ZeroNights -
, -
.
-
ZeroNights, -
.
, -
,
ZeroNights. -
-
, , -
,
.,-
,
-
.
.
,
, ,
,
, ,
, -
ZeroNights. ,
:)., , -
,
DEFCON Russia
.
P. S. : -
ZeroNights?
:
!
Mobile security
/ Peter Hlavaty
:-
KEEN Team, ][.
ZeroNights 2014:-
root-Android
, -
,
.
,
:-
, ][.
ZeroNights 2014:
,
4G-
. -
: SIM-, 4G
USB-, , IP-.
/ Marco Grassi
:R&D
viaForensics.
ZeroNights 2014:
-
.
-
Android iOS, ,
-
.
:-
viaForensics, ][.
ZeroNights 2014:Workshop
, -
forensics iOS.
Cover Story16 01 /192/ 2015
-
7/24/2019 2015 01 (192)
18/145
//
/ Fabien Duchene
: ,
.
ZeroNights 2014:-
, ShiftMonkeyKameleonFuzz, -
, .
,,][ ZeroNights .
-
-,-
. , -
-
, , , :).
, -
, : , , CTF, -
, -
.
, --
.
. ,
, . -
, -0day-
Heartbleed ,
-.
, ,
proof of concept, .
,
-:
, .
, , , -
, ZN.
QIWI,
. -
, ,
QIWI-,
:). ,
, ,
VISA ZN.
, , ZeroNights
. -
,
.Digital
Security, , -
The Prodigy One Love Hackers (1995).
-
, ,
.
/ Patroklos Argyroudis (argp)
:-
Census S.A.ZeroNights 2014:Heapbleed,
-
(,
, /, )
, ,
.
:-
.
ZeroNights 2014:
, , ,
.
:Digital Security.
ZeroNights 2014:
AV, hardware assisted (VT-x,
AMD-V).
:-
, ][.
ZeroNights 2014:,
,
.
: ZeroNights?: !
17ZeroNights 2014: 01 /192/ 2015
-
7/24/2019 2015 01 (192)
19/145
, Positive Technologies,ZN . ,
-
ZN,
, -
.
.
-
. -
. - ,
: bit.ly/1tQGXoh. ,
, -
. , ,
, , , .
,
. Hardware Village, .
, .
,-
. CTF, -
,
. -
afterparty .
, -
, . .
, ESAGE Lab, , -
ZeroNights 2013,
,
.
(), -
, . -
, .
:
.
.
., CTF-,
open source
-.
QIWI, , , -
.
,
.
:).
. , @toxo4ka
bug bounty , .
() -
, @akochkov
- radare2 ( ), -
. , private speaker party, ,
, ,
.
, @090h DJ-,
Hardware Village, , . ,
:).
-
, , ,
, , ,
.
Fast track
:Digital
Security, ][.
ZeroNights 2014:
Oracle, Oracle Database
Communication Protocol -
.
:-
Positive Technologies,
][.
ZeroNights 2014:
. -
, ,
,
. , ,
.
:-
(Esage Lab), ][,
.
ZeroNights 2014:-
Go ,
Go (-, -
,
)
-
.
01 /192/ 2015Cover Story18
-
7/24/2019 2015 01 (192)
20/145
, PR-DSec ZeroNights, , .
, ,
,, .
: ,
, , , .ZN , -
, . -
. , : -
, ,
, CTF -.
, .
, , ,-
, .,
Defensive Track,-.-
, .
, 12 , -
, .
, -
CTF,
.
Shadow servants, 1336 h4x0rz, ,
.
for fun, , .-
(). , ,
., , ZeroNights :).
, Wallarm. ZN -
. , . -
MQ ,
DOS-. DEFCON,
( ,
). 20052006,
:).
! -. -
. -..
,-,Wallarm, -
, -
ZeroNights ,
. ZN -
, !
: , , -(, , ) -
Black Hat, , :). ,
ZN,
.
, , Keynote. -
, ,
. Solar Designer , DOS, -
() -
, , .
-, , , -
. -
. , -
Foursquare ZN, ?
Defensive Track
:QIWI.
ZeroNights 2014: -
. -
NGFW
DPI .
:
.
ZeroNights 2014: -
-
open source .
:-
Mail.Ru Group.
ZeroNights 2014:
,
,
, -
.
:-
Nokia R&N, -
Here,
][.
ZeroNights 2014:, -
ModSecurity
Web -, -
.
:, , , -Black Hat, , :)
01 /192/ 2015 ZeroNights 2014: 19
-
7/24/2019 2015 01 (192)
21/145
"
[email protected]
@ilya_pestov
,- , . -
GitHub-, ., .
ClockPicker
https://github.com/weareoutman/clockpickerUI/UX-, -
datetime-picker.
hours-
, . -
.
!"#$ &'())*+#,-./0123.- &'3&4-#&452+6
!#,-./ /7-5*+/58/+&'())* +932:0&3,/23'+$('.5*+;;+6 !)-(,
&'())*+#,-./0123.-0(""3,+6 !)-(, &'())*+1'7-?#&3,
1'7-?#&3,0/#:5+6!@)-(,6
!@)-(,6!@"#$6!)&2#-/ /7-5*+/58/@A($()&2#-/+6
BCDE&'3&4-#&452DFE&'3&4-#&452CFG
!@)&2#-/6
ClockPickerjQuery.
io.js
https://github.com/iojs/io.jsJavaScript -
, -
: Node.js,
Joyent,
io.js.
, Node.js -
2013 ( 0.10)
V8. -
semver. Io.js
4000 GitHub.
13 2015
, , -
Node.js npm.
Handsontable
https://github.com/handsontable/handsontable
,
Excel- .
, ,
Handsontable. -
API,
.
50
.
c Backbone, Angular, -
, ,
.
01 /192/ 201520 PC ZONE
-
7/24/2019 2015 01 (192)
22/145
Nightrain
https://github.com/naetech/nightrain
PHP,
- . -
,
OS , Windows Linux.
-
, nightrain -
,
.Python
PHP/HTML/CSS/JS-
.
SQLite 3.-
, -
, , .
, -
-.
Front-end Job InterviewQuestions
https://github.com/h5bp/Front-end-Developer-
Interview-Questions
-
.
HTML5 Boilerplate
- ,
HTML, CSS, JS .
,
, ,
.
Mermaid
https://github.com/knsv/mermaid
-
-.Mermaid
JavaScript-, -
-
-:
!"#$ &'())*+,-.,(#"+/ 01234 56789848:9 ;:6<
1636!="#$/>.(?@ A3B 2C1(." -">-DEE/F A#GH I-JIFKL3MNG"
-">-OB KEE/0P5-)#MGQB 0EE/F:G-F5C3-)N'I MG-DB 0EE/F4RMF6C3-)N'I
IRMDB
(. -
).
Clappr
https://github.com/globocom/clappr
Clappr -
. Clappr -
: ,
,
Google-. Clappr.
!SM"T/ !"#$ #"*+?'(T-.+/!="#$/ !)&.#?I/ $(.?'(T-.6' *
"M&N,-GIU >-I6'-,-GIKT8"L+?'(T-.+OB $(.?'(T-. * G-R0'(??.U
V'(T-.LP)MN.&-W +@II?W==TMN.U$#"-M=
@-.-U,?X+QOB ?'(T-.U(II(&@4ML?'(T-.6'OB
!=)&.#?I/!=SM"T/
PhotoSwipe
https://github.com/dimsemenov/PhotoSwipe
. 3000
. PhotoSwipe -
HTML5 History API
-
, , -
, -
.
$(.?)R?6'-,-GI * "M&N,-GIUYN-.T
-
7/24/2019 2015 01 (192)
23/145
JavaScript-
SpiderMonkeyMozilla
Google V8
Google
"
FIREFOX DEVELOPER EDITION
@ilya_pestov
Mozilla
. -, Firefox.
, Mozillian,
, -
Internet Explorer 95% . -, -
Chrome
SpiderMonkeyV8 Google. -,
, , Firefox Developer Edition.
Firefox Developer Edition -
Firefox Aurora, Firefox
Nightly. :
Nightly Developer Edition Beta Release.
12, . -
,
Firefox.
-
-
. -
.
.
,
browsing data
FIREFOX HELLO
, ,
WebRTC, ,
.
,
Telefonica
Firefox -
-
. -
Skype Firefox Hello.
FFDEWebRTC
-
: -
,
-cookie, ,
, .
01 /192/ 201522 PC ZONE
-
7/24/2019 2015 01 (192)
24/145
-
-,
. -
, ,
Firefox Chrome - DevTools,
.
, ,
, , -
. , -
. Firefox
-
.
JavaScript.
-, ,
-DOM -
!"#$%"'"%.
-
.
-
CSS-
.
.
Scratchpad JavaScript . online- offline-
.
.
VALENCE -- -
Firefox Tools
Adapter. Valence -
, -
(, Chrome
Android, Safari iOS) -
-, -
Firefox.
WEB AUDIO EDITOR
Web Audio API -
.
, . , ,
Firefox Developer
Edition., -
, ...
Mozilla -? ,
.Its everything youre
used to, only better..
.
.
Web Audio Editor
FFDE
WEBIDE
WebIDE-(-
) Firefox 33, Developer
Edition.WebIDE, -
, ,
Firefox OS
Firefox OS. , -
, .
.
FFOS
01 /192/ 2015 23
-
7/24/2019 2015 01 (192)
25/145
"#$-
[email protected]
ff333xx
WARNING
-
-
.,
-
,
-
.
01 /192/ 201524 PC ZONE
-
7/24/2019 2015 01 (192)
26/145
-1999 Ozon Mail? Tor -
. . -. -
.90-, -, -, , . -.
WWW
-
Tor Browser:
https://www.torproject.
org
, -(-):
;
;
.
Tor -
. .
01 /192/ 2015 SEO 25
-
7/24/2019 2015 01 (192)
27/145
WWW
Tor
Browser
:
https://www.torproject.
org/projects/torbrowser/
design/
, , -
. Tor-
, .-
. -,
NoScript Tor
Browser.
JavaScript, -
.
-, -
, HTML5-
,
Canvas Fingerprint (
, -
-
).
canvas- Tor
.
, , . -
, -
.
-, Tor cookies,
-
.
, -
Firefox.
HTML-
(. ][ ), .
-,
https://hacks.mozilla.org.
tor-hidden--, :
1. Tor
(https://www.torproject.org/download/download-easy.html.en).
2. -. . , ,
XAMPP Windows (sourceforge.net/projects/xampp/) MAMPP
(www.mamp.
info/en/) OS X.
3. .:
Windows
(https://www.torproject.org/docs/tor-doc-windows.html.en);
OS X (https://www.torproject.org/docs/tor-doc-osx.html.en);
Linux
(https://www.torproject.org/docs/tor-doc-unix.html.en).
- -
-,
-
( -
).
-
:
. ,
,
-
AgoraMarket.
.-
-
, -
.
ONION-
01 /192/ 201526 PC ZONE
-
7/24/2019 2015 01 (192)
28/145
, -, SEO:
, .Tor--
. -Torch
, 12
. -
.
SEO- -
.
. -
,
,
. - ,
,
, ,
-
, -
.
. -
.
Grams (http://grams7enufi7jmdl.onion/
addasite);
TorFind (http://ndj6p3asftxboa7j.onion/
submit.html);
Ahmia (https://ahmia.fi/add/).
INFO
.Google-Tor--.
-open source AWStats (www.awstats.org)Piwik (piwik.org).
-
2000-,
-
.
-
,
.
-
.
:
1. Tor -
. -
, -
,
Grams -
, .
Google drugs 431 , Tor- .
, .
Tor-,
. -
Tor-.
2. -
, -
, Tor-
,
. -
. , -
(), -
description.
. -
, -
, , -
.
Torch (http://xmh57jrzrnw6insl.onion/
adinfo.html);
TorAds Grams (http://toradsc6vvmtugty.onion/
auth/home).
INFO
.onion, .i2p. .
-
-
. -
, .
Stay tuned!
WWW
The Hidden Wiki:http://kpvzxxbbraaigawj.
onion
Onion wiki:http://cu7yjdxqw37yjv5n.
onion/Main_Page
01 /192/ 2015 SEO 27
-
7/24/2019 2015 01 (192)
29/145
Android-, -
, Linux. -
, Terminal IDE, ,
. ?
LINUX-ANDROID
[email protected]
01 /192/ 2015X-Mobile28
-
7/24/2019 2015 01 (192)
30/145
()
, - -
, ,
(
Ubuntu):
! #$%& '()*+,) -.#)'// +-)*0&1,+.$(+!,2 3-#&. +(,14
3$-/%*,##,.)-'/
5-( 0$1/ /-306*%,7/-389.0$1#,#:*%,7
2;;(1&)&*0&1,*%,7 /-32;;%,7/9*$)-/#2#/)(1&0
5/-3;+%,7&% $?2 '.%1&-%*.%B*1;E0*/-.$2*2=6F6GH3-.!
HI'.%1&-%*.%B*1;E0*/-.$2*2=6F6GH3-.
Linaro. forum.xda-
developers.com/showthread.php?t=2098133 .
Linaro GCC 4.6.4-2013.05 (-
Cortex, arm-unknown-linux-gnueabi-
linaro_4.6.4-2013.05-build_2013_05_18.tar.bz2).
:
! )'1 2A74 '1>*$.B.&@.*/-.$2*+.$,'3-*
/-.'1&FGH6HG*9E;8HE:*3$-/%F9E;8FE:F;=H)'1H359! >7
'1>*$.B.&@.*/-.$2*+.$,'3-* /-.'1&FGH6HG*9E;8HE:
/-.'1&*)&&/0D'-.*GH6
~/.bashrc (
, ,
, , -
):
,2(&1) JKLMN!JKLM#I'.%1&-%*;=I'10D*'1>
,2(&1)
[XTKWPFYZYWPPLN!OMPQRSI/-.'1&*)&&/0D'-.*GH6I'1>*$.B.&@.*/-.$2*+.$,'3-I#C#1&&)
,2(&1) KW\MN'1> ,2(&1)
\WPYYF\PQJX[RFTUVN'1>*/-.$2*'.%1&-%,'3-*,2(&1)
\WPYYF
\PQJX[RF[XTKWPN'1>*$.B.&@.*/-.$2* +.$,'3-*,2(&1)
\WPYYF\PQJX[RN!\WPYYF\PQJX[RFTUVF,2(&1)\\PQJX[RN!\WPYYF\PQJX[R
, -
.
,
/proc/modules.
, .
,
( ,
, ),
, ,
/system/lib/modules - insmod .
,
(
Android-
goo.gl/gIzvZe), ,
.
, Android Linux.
, -
, . .
Native-Android -
( ),
..-
.
, (NTFS, ), .
(
Android 4.3, Google. . .).
-
, , , , ,
.
, , -
Linux-.
make
modules, , -
, ( net/netfilter
):
! >'B, >&%$/,#F(1,('1,
! >'B, QN.,)I.,)"/),1 \][K^YFQPU_[RN*4.&*(-0
01 /192/ 2015 29
-
7/24/2019 2015 01 (192)
31/145
( -
) opensource.samsung.com. . -
/proc/config.gz, ,
, ,
.
, ,
arch/arm/configs/, -
. n1a_00_
defconfig, .
, , -
:
" #$%& '($)**)+&,-.'!/
make menuconfig, .
" #$%& 012 345678)9:;0,'.0?@-
-
:
" #%+@A !'$B" -? $A-CD$A#DE..FDGH#$/& !'$B" !'+ I 0'$#&
JK%.J 0&L&- -? JMNJ !'$B OP
, ,
ZIP-. ,
(-
. . .). -
:
" -+ !'$B" /@F -B.'&
CFF?QRDD/@FCSEI-.#D%.SQCD6'TU&A'&BI/@F" -? IDKI%.
ID6'TU&A'&BDQTQFDB@ED#.+SB&QD" -? IDGH#$/&
ID6'TU&A'&BD%&A'&BD
,
, ( ,
),
, d-h.st/RgI, , , -
AnyKernel/
kernel/. , -
, AnyKernel/META-INF/com/google/android/
updater-script.
:
S@)?A@'FVW=LFA$-F@'/ 8TQF
4@B&QIIIWXPQ&F)?A./A&QQV(I******XP#.S'FVW&LFYWZW9[;WZ
WQTQFWZ WDQTQFWXP?$-%$/&)&LFA$-F)+@AVWQTQFWZ WDQTQFWXP
S'#.S'FVWDQTQFWXP
-
,
.
,
,
-
01 /192/ 2015X-Mobile30
-
7/24/2019 2015 01 (192)
32/145
!"#$%"&'()*+'%,-'"&. 01%&12
!213444)56$,-7,.1#1+'%,-'#8"%()71%&12)9
):';$)56!"#$%"&'()>>9 ):';$:8!;$#";,.1)5631'#$1%;(=9 =9
=>>>9 ):';$:;7?@@'";.43A)5631'#$1%;(=9 =9 =>>>9
):';$:;7?@@'";.)5631'#$1%;(=9 =9 =>>>9
):';$:!&$,-7?@@'";.)56
%!$%@.%,;():3?"&:?!3B?@+)9 )88)9 )"CD:81E:?2@-7:;;-?27=$F)9
)@CD:';$:?@@'4";.)56%!$%@.%,;():';$:!&$,-7?@@'";.)9 )G")9
):';$:?@@'4";.)9 )G@)9 ):';$:)56%!$%@.%,;():';$:;7?@@'";.43A)56
%!$%@.%,;():3?"&:?!3B?@+)9 )88)9 )"CD:';$:&1H?@@'4";.)9
)@CD:81E:?2@-7:;;-?27=$F)56!"#$%"&'()I@&1J)56
/dev/block/mmcblk0p9 ,
. boot,
. -
, -
:
K C@% " "& :81E:?2@-7:$2,'C@%;:L:?BG&,;1:?@@'6 M 8@ 23
G2 K"6 8@&1
:
K -8 N&B01%&12 OO P"$ G% N&B01%&124P"$ L
(TWRP CWM).
-
, -
. ,
, -
, , -
.
:
K 1+$@%' QRSTT#QSUV
-
7/24/2019 2015 01 (192)
33/145
bash, -
/system/xbin.
, bash - Linaro. Bionic, -
libc Android,
POSIX-, bash (, -, mkfifo() wctomb()). ,
bash
. Linaro , , -
POSIX- glibc. bash , , Android, , glibc, -, . , -
.
LshwLshw , . -
( Linaro) .
, src/Makefile src/core/Makefile C++ Linaro ( CXX
arm-unknown-linux-gnueabi-g++),
--static CXXFLAGS. -
.
Htop
Linux.
ncurses, .htop,
ncurses:
! #$%&' ()*+ ,, -% !.! /01)
())+2334)+50675*'03+78306736-7'9193
6-7'919:;5@4 6-7'919:;5! )=' ?>@4 ()*+:S5T5U5)='50>! -%
()*+:S5T5U
:
! 1?+*') VRRWXFQAJY::9Z9'**)J!XHIFCD.ABACDDEY! 1?+*')
VWXFQAJY::9)=)&- :H!KABACDDE.FGGHEHDIAO3
&6-P7%1 ::9Z9'**)J!XHIFCD.ABACDDEY! 1?+*')
V[[WXFQAJY::9Z9'**)J!XHIFCD.ABACDDEY! 1?+*')
XGWXFQAJY:X!KABACDDE.FGGHEHDIAO3 6-7'919:;5
-
7/24/2019 2015 01 (192)
34/145
SSH-
Android.-
tmux.
lshw
:
! #$%&'!()*+ ,,-&./01*2 ,,+'134+,./1/5%
,,65.134+,)'5%&6+! 217+
, Error opening terminal: screen. - - terminfo
(Terminal IDE, , -
), /system/etc -:
8 +9:&*/ ;?@AB0$.C./+2$+/%$/+*25'D&
htop .
Tmux
Tmux
screen,
OpenBSD. - Android adb shell SSH (, TV Box HDMI- Android. .
.).
tmux
ncurses , -rootdir. ncurses, -
libevent. tmux, -
$SYSROOT_ADDITIONS libevent tmux:
! +9:&*/ EFE=BB;GHII?;?B@E0!JKB>
-
7/24/2019 2015 01 (192)
35/145
! #$ %%&'()*+*,-! %&./-01*,%23! %,!1/4* 55302-6.475'(,/8
55$(2.)'*5
23.4*$ 55$(2.)'*509*,22'
55$(2.)'*52.79'*2594*!86!:;:?@AAB>B=C:
! 7.D* EE 7.D* (,2-.''
tmux:
! *8904- FGH@I:6J552-.-(#5B!K:;:?@AAB>B=C:L&(,#'/$*
5B&!K:;:?@AAB>B=C:L&(,#'/$*&,#/42*2 552M2400-6
!HBC@B=C:L& '() 5H!K:;:?@AAB>B=C:L&(,#'/$*
5H!K:;:?@AAB>B=C:L&(,#'/$*&,#/42*2
552M2400-6!HBC@?FGH@I:6J5 B!K:;:?@AAB>B=C:L &(,#'/$*
552M2400-6!HBC@?HBN:6J
H!K:;:?@AAB>B=C:L &'()
5'*+*,-552M2400-6!HBC@ORTABB=C:6!K[=ROL&,14*9& 400-$(4!
%,!1/4* 55302-6.475'(,/8 55$(2.)'*523.4*$55U(-359#.96'(,/8
55$(2.)'*5$)/2 5594*!86
!:;:?@AAB>B=C:! 7.D* EE 7.D* (,2-.''
ngrep, , :
! *8904- FGH@I:6J552-.-(# 5B!K:;:?@AAB>B=C:L &(,#'/$*
5B!K:;:?@AAB>B=C:L&(,#'/$*&9#.9552M2400-6!HBC@B=C:L&'()5H!K:;:?@AAB>B=C:L&(,#'/$*
5H
!K:;:?@AAB>B=C:L&(,#'/$*&9#.9
552M2400-6!HBC@B=C:L&(,#'/$*&9#.9! 7.D*
configure. libpcap
D-Bus -Android (
Linux, -
). ngrep
libpcap -
/etc/passwd Android,
.
LINUX DEPLOY
,
(, -
torrent- rtorrent
libtorrent, ,
,
Boost). -
-
,
-
.
-
-
.
-
Linux Deploy, -
Google Play.
Android
Linux, -
,
POSIX- (
), -
chroot- ( - )
userland- -
, ARM.
Linux Deploy , -
loop-.
:
Ubuntu;
OpenSUSE;
Fedora;
Arch Linux;
Gentoo;
, , Kali Linux (, ,
).
: SSH -
VNC. SSH-Android Linux
Deploy ,
. VNC,
Android VNC-(bVNC).
,
Linux, -
. , -
,
-
. ,
, -
.
(
, )
Android. .
Android
POSIX-, -
,
Linux., :
SDL -
; -
;
FFmpeg - -
;
Qt , Qt Android;
Unity ;
Ogre OpenGL
3D-.
, -
.
!
#$%&'(%
01 /192/ 2015X-Mobile34
-
7/24/2019 2015 01 (192)
36/145
-
,
, , iptables. -
,
.
POSIX-
NDK,
Bionic POSIX, -
ARM, -
, , glibc, -
. ,
, -
, ,
.
Linux Deploy, Android -
userland-.
. -,
, -, userland-
4 , ,
, .
POSIX- Android -
.
-, .
Stay freedom.
UbuntuLinux Deploy
UbuntuLinux Deploy
01 /192/ 2015 35
-
7/24/2019 2015 01 (192)
37/145
A r t H a k k e r P h o t o g r a p h y @ f l i c k e r c o
m
01 /192/ 2015X-Mobile36
-
7/24/2019 2015 01 (192)
38/145
Lollipop Android Ice Cream Sandwitch.
Google , ,
.
,
.
SECURITY-ANDROID 5.0
androidstreet.net
01 /192/ 2015 37
-
7/24/2019 2015 01 (192)
39/145
Google Android -
.
Android -
,
, ,
RPC--
(Binder), - ,
(dalvik) , ,
(
).
-
. Google
-
OpenBSD
Bionic (
dmalloc calloc, Android 1.5), -
No eXecute (NX) 2.3,
-fstack-protector Wformat-security
-Werror=format-security (-
).
3.0 -
,
-
Linux- dm-crypt. Android 4.0
API
KeyChain,
.
4.1 -
( -
)
HAL- keymaster
(-
, -
M-Shield OMAP4, -
Galaxy Nexus).
2012 Google
--
Bouncer, -
Google Play -
, -
.
-
-
.
4.2,
2013-
Google Services
2.3 .
2014- -
, -
. SMS-
Android 4.2
-
.
Android 4.2
-
SELinux, -
(permissive mode), 4.4
enforcing,
-
,
. -
4.3
SETUID- -
/system
(capabilities)Linux .
Android Google
,
Apple
.,
, , -
.
, Google -
, . Android
5.0 security specific ,
, , .
: , -
5.0, SELinux, root.
Apple, -
Android ,
iOS.
-
Lollipop, -
/data,
() -
.
,
3.0
, :
(Master Key)
, PIN-
;
(Key Encryption Key, KEK)
, -
Trusted Execution Environment (TEE),
, , Qualcomm
Secure Execution Environment.
,
-
-
, HAL-
masterkey,
TEE. ,
,
-
,
NAND.
,
,
PIN-
Smart
Lock ( ).
Google ,
,
-
, .
.
/data
dm-crypt AES-128 -
CBC -
ESSIV:SHA256
(IV).
-
KEK-,
PIN-
INFO
(James Comey)iOS 8Android 5.0, ,--
.
01 /192/ 2015X-Mobile38
-
7/24/2019 2015 01 (192)
40/145
script (www.tarsnap.com/
scrypt.html),
TEE. , -
Android 5.0 -
PIN-, -
KEK.
script
PIN-
Android 4.4
PBKDF2. -
GPU (6--
PIN 10, 6-
4 hashcat),
script, -
, -
20 000
GPU -
.
,
-
,
Android 5.0. -
,
,
.
SEANDROID
SELinux,
-
,
-
-
. -
SELinux
-
.SELinux,
, ,
Apache-
,
., SELinux -
, -
, .
Android -
SELinux SEAndroid (seandroid.
bitbucket.org)
SELinux-.
4.2, -
Android, -
( 4.24.3) -
-
(
). 4.4
Google
,
(installd, netd, vold zygote). -
SELinux
5.0.
Android 5.0 -
60 SELinux ( -
)
-
,
init -
.
,
Android, -
root,
, .
, CVE-2011-1823,
Android 2.3.4 -
memory corruption
vold,
root (
Gingerbreak), -
SELinux
01 /192/ 2015 39
-
7/24/2019 2015 01 (192)
41/145
, 5.0 , -
SELinux, vold
. -
CVE-2014-3100 Android 4.3, -
keystore, 70% .
SELinux,-
(-
++,
root),
root, , .,
root
, SELinux
.
, -
, root -
-
SELinux- init.
SuperSU 2.23 (
, -
, init ,
su). -
recovery, , -
,
root (
), .
, SELinux -
,
, -
Android.
Android
4.2, -
-
(-
, 4.2 Multiple User
Enabler). 4.3
,
, -
.
Lollipop -
, -
. -
,
,
. ,
, -
,
.
screen pinning, ,
-
, . -
, .
,
,
.
screen pinning -
--
.
, PIN- -
-
. -
PIN.
, -
,
,
, -
99%
, , ,
-
. -
Samsung Knox.
Smart Lock Android 5.0 WebView Android Device Manager
INFO
Linux,-Android
MD5-
. Google,
.
01 /192/ 2015X-Mobile40
-
7/24/2019 2015 01 (192)
42/145
INFO
-
Android
-
.
-
,
-
.
SMART LOCK
PIN-
, Google . 5.0 Smart Lock,
, -
.
Google
,
.
-
. Smart Lock
, -
-
-
Bluetooth-
(,
, TV Box),
NFC- -
.
-
,
-
-
,
( Trusted
Bluetooth, ),
Tasker,
Pebble -
(
SWApp Link).
-, ,
, PIN-
, Smart Lock -
( Trusted Agents) -
Bluetooth-, NFC-.
Smart Lock.
,
,
. , , -
, ,
.
WEBVIEW Android -
WebView WebKit, -
HTML/JS-
.
. KitKat WebView
-
Chromium (33 Android 4.4.3),
-
Google
-.
Lollipop, WebView
Chromium, Google
Play (, -
). ,
Android
HTML/
JS-, -
., Google -
, -
Google Chrome Android.,
,
Android 5.0 .
KILL SWITCH
2013 Google -
Android Device Manager, -
.
Google Play Google
Services,
, Android 2.3.
Android 5.0,
Factory Reset Protection.
-
-
, , -
Google,
-
-
.
-
Google
.
,
,
.
, -
root
-
.
ChromeOS. -
Android
Android-, -
,
(Smart Lock ).
HTTPS TLS/SSL.
Android 5.0 TLSv1.1
TLSv1.2. -
Forward Secrecy. -
AES-GCM,
/
(MD5, 3DES) .
PIE . Android ,
-
PIE (Position-Independent Executables).
FORTIFY_SOURCE.
, stpcpy(), stpncpy(), read(), recvfrom(),
FD_CLR(), FD_SET() FD_ISSET(), -
FORTIFY_SOURCE
GCC ().-
FORTIFY_SOURCE
Android 4.2.
Google Android 5.0 ,
-
, ,
: -
-
,
root. , ,
, Lollipop
Android .
(Dan Campbell)
ChromeOS
01 /192/ 2015 41
-
7/24/2019 2015 01 (192)
43/145
#3.
ONAVO EXTEND
4.0, Android
-
VPN. -
, -
. Onavo
Extend VPN-, -
,
.
HTTP-
, -
,
--
.
-
AJAX -
, ,
, ,
.
, -
Opera. Opera Max,
iOS Android.
AFWALL+
-
,
, -
.
-,
, -
.
Android
,
iptables, -
.
AFWall+ .
: ,
( )
Wi-Fi
3G, . -
-
iptables.
: -
root
-
.
ADAWAY
-
. Android -
,
.
-
,
.
Adblock, -
AdAway.
AdAway ,
-
VPN-
, -
/system/etc/
hosts.
DNS-
.
OPERA MINI
-
-.
-
,
, Opera Mini
. -
Opera Mobile, -
.
Opera
Mini
, -
-
.
Opera Mini
HTML, JS, CSS. -
OBML (Opera
Binary Markup Language),
Opera -
HTML OBML -
JavaScript .
OBML -
90%, -
,
-.
Onavo Extend:goo.gl/YYA1j
:Android/iOS
:
AFWall+:goo.gl/eH7yb
:Android
:/ open source
AdAway:goo.gl/2Qacc
:Android
:
Opera Mini:goo.gl/9PoS31
:Android / iOS / Windows Phone
:
: VPN-, -, ,, Opera Mini .
01 /192/ 2015X-Mobile42
-
7/24/2019 2015 01 (192)
44/145
10 /177/ 2013 Raspberry Pi 43
!#
, .
Hint:.
-
7/24/2019 2015 01 (192)
45/145
!"#$!"#$
WARNING
.,
,-
.
GreenDog , Digital Security
[email protected] ,
twitter.com/antyurin
01 /192/ 201544
-
7/24/2019 2015 01 (192)
46/145
, , , -
.
. , -
-XSS, -
. , ,
, ,
. ,
/ (,
!"#$%&'(&)*+)(,-./012 ), IE
`. , .
?-, cheatsheet,
(, OWASP: goo.gl/Ne8nGI).
-, . -
Shazzer (goo.gl/z0SrxG). -
. - -
. ,
. , -, ,
-
, -, ,
, , -
.
, (),
, , -,
.
: goo.gl/urMpHC.
"#$%&' () *'
, (TNS)
SQL--. , , , -
. Java.
. ,
Oracle, Express Edition (XE),
JavVirtual Machine -. ?
! , -
.
3,$4'
6789:9;?=@AB-,).,:C-&$-)D/E)'F:')D,EGE=H=;>IJ7?=EGE,BK&
L)'F B&DD)'*" M4.K C)-)D,.,-"LEGNGI@>=1O
6789:9;?=@AB-,).,:P&3/P&3:')D,+2E)'F:P&3:')D,EG
C-&$-)D:')D,+2E)'F:')D,EG
".)-.:*).,+2Q>??G-,C,).:4'.,-#)(+R
2Q>??G,'*:*).,+2Q>??G,')3(,*+2I@>=G)S.&:*-&C+2I@>=1O
*3D":(&BTA"(,,C/01O
*3D":"BK,*S(,-A*-&C:C-&$-)D/C-&$-)D:')D,+2E)'F:')D,E1O
*3D":"BK,*S(,-ACS-$,:(&$O,'*O
, . -
.
.
, ,
, .
" #$
%&'()*&'')+, #$ -.
-
,
. --
, -
, ,
, -
-. -
, -
. , , Internet Explorer , Easy
Hack -
() .
-
-
,
.
.
(
, ) Android.
, Same Origin Policy. , SOP
JavaScript -
. (-
, + + )
.
SOP, , (http://evil.ru, ),
. , SOP -
:
!4U-)D, ')D,+L.,".L"-B+LK..CV%%$D)4(AB&DL2!%4U-)D,2
!4'CS. .FC,+3S..&'
#)(S,+L.,".L&'B(4BT+LM4'*&MA&C,'/EWSNNNNP)#)"B-4C.V)(,-./*&BSD,'.A*&D)4'1EGE.,".E1L
2
http://evil.ru,
(alert(document.domain)) Gmail. -
iframe ,
(input , ).
, (
SOP), ,
. \u0000 null-, . -
-
. , Android4.4
Shazzer.,
(=)
01 /192/ 2015 Easy Hack 45
-
7/24/2019 2015 01 (192)
47/145
, Visa/MasterCard -NFC (PayPass, PayWave). ( 25%)
. , , .
c NFC, c NFC-(, -
) -
.: PAN, exp date, Card Holder (),
, 20, -
. ,
, CVV .
, . , -
,
.
...
, CVV
, 3D Secure .
NFC, -
Banking card reader (goo.
gl/7dmjrH). Hackito Ergo Sum 2012: goo.gl/omSbfi.
.
.
, (, -
, , ).
?
Telnet. ,
. , , PIN-.
, , -
: PAN (), expiration date CVV (
), .
,
. ,
, -
. ? , .
.
, -
(, XSS).
-
.
, -
(
,
, -
):
HTML, JavaScript.
, -
, -
,
HTML-, -
JS.
?
,
. , HTML-
. ,
, !"#$,
!%#$, (-
, , ). , -
,
.,-
., .
!"#$!&'($, X !&))$.
, x .
!&*+,$!&*-)$..
, .
(<
0.'/.(=(*!.0?')10>2)A#"#"0!"#"!81"2'!$,'#()*#78B//=$%%!>B.",!0,'#()*#0>)"%,=?%(.!%,'#()*#8C
3A!.!D!#? ,'#()*#$"*'E#?F.(!*)'78;G8
,'#()*#$/,(@./E#?F.(!*)'78;H8%C I000J 3A!.!D=.("*!!*)'
,'#()*#$',".78,'#()*#0 =.("*!!*)'0K:EL&MMNO&6P&QRE8%C
I000J 3,==2*>,/*)' ,'#()*#$,22)ST,>?A=78/(A.8
,'#()*#$',".780>)(.06)(.8C 3,>/*5*/U
,'#()*#$>)'!@6B,'@.!78?.UV),(#W
?.UV),(#X*##.'W)(*.'/,/*)'8,'#()*#$ .1>2A#.Y()"Z.>.'/!78/(A.8
,'#()*#$2,V.278[!/(*'@%/*/2.V,(8,'#()*#$
',".780A*0M,A'>B&>/*5*/U8
,'#()*#$')X*!/)(U78/(A.8,'#()*#$/B.".7
8[,'#()*#$!/U2.%LB.".0\.5*>.\.-,A2/8C 3*'/.'/D!2/.(C 3#,/,
,'#()*#$!>B.".78!"#"8%C 3,>/*)' ,'#()*#$',".78,'#()*#0*'/.'/
0,>/*)'0FKR]8%C 3>,/.@)(U ,'#()*#$',".78,'#()*#0*'/.'/0
>,/.@)(U0\RY&^ML8%C 3>,/.@)(U
,'#()*#$',".78,'#()*#0*'/.'/ 0>,/.@)(U0TZ_]E&TMR8%C
3%*'/.'/D!2/.(C 3%,>/*5*/UCI000J3%,==2*>,/*)'C
3%",'*-.!/C
*'/.'/D!2/.(, -
>)"0!.>0.'/.(=(*!.0?')10>2)A#"#"0!"#"!0A*0M,A'>B&>/*5*/U.!"#"$``000-
)'6(.,/. M,A'>B&>/*5*/U. proguard, -
. -
-
.
, ,
O(.RL,@01"2 %#,/,%#,/,%>)"0
!.>0.'/.(=(*!.0?')10>2)A#"#"0!"#"!%!B,(.#N=(.-!% -
@./O(.RL&Qab: -,
!'*!Bab. .Intent,
Activity, , -
. :
!"#"$%%B)!/',".c5,(;75,2A.;d5,(975,2A.9
:
!.@NA(2; A=#,/.NA(2;
.",*2; "#"N/)?.'; =()@(,"; eA*>?!/,(/NA(2.
, ,
A=#,/.NA(2.
!B,(.#N=(.-.(.'>. , )'6(.,/.ab-6)(.0!/,(/E.2-^=#,/.6B.>?ab
.
6)(.0!/,(/E.2-^=#,/.6B.>?ab , , ,
^+6E.2-^=#,/.+,',@.(0!/,(/E.2-^=#,/.6B.>?ab
, --
, URL,
A">N>#' shared_pref- "01"2, %2,/.!/. A">N>#' -
Intent udpdate_url.
.
^+6E.2-^=#,/.+,',@.(0#)^=#,/.6B.>?ab -URL.
ContentTransferManagerHTTP-, URL, -
. -
handleRequestResult : )'Y,*2A(.ab,)'O()@(.!!ab, )'E/,(/ab,
)'EA>.!!ab.
onCreate
onCreate
Core.
startSelfUpdateCheck()
Core.
startSelfUpdateCheck()
01 /192/ 2015 51
-
7/24/2019 2015 01 (192)
53/145
, , -
!"#$%&''().
, -
: ETag, Content-
Length *+,-.+-&/,+,01+2&3'4!" .
*+,-.+-&/,+,01+2&3'4!"
UniversalMDMApplication APK-. -
, . -
,
.
.
56#,
789#&:;70
-
7/24/2019 2015 01 (192)
54/145
Samsung-
Samsung KNOX
-
.
:
!"##$%&'()*+,-*./0#1%#21%'#-**3-%-&"4.56+%#"7#.&"#6+%#"%#8"'+*9"42:;
)*+,-*!"##$%&'=>-/#"4.
?=6@=)ABCA81D1A8BAE=FGABH:I
, ,
,
,
, -
. -
.
:
-,
ETag, :
J>-#-J>-#-JK+5.'"K."%#"4/4$'".L%+7.K*+0>5>5.'5>5'J'M-4">B/4"N'J?4"AO-&.75*
+%64"-#"2:-
, , -
.
EXPLOIT
, -
. HTML-
JavaScript-( ):
P'K4$/#QN0%K#$+%#4$&&"42:R
>+K05"%#.*+K-#$+%ST'5>5UJJ5"+VW
0/>-#"B04*SM##/UJJX+04'"49"4JTI Y
'"#O$5"+0#2#4$&&"4; ZHHH:IPJ'K4$/#Q
, -
JavaScript-, -
,
( ). -
:
7[-5\[5"#-[-/L[9"4'$+% ,
, . , 1337;
AO-& MD5-APK-;
6+%#"%#[G"%M APK-(-
).
Python-:
$5/+4#M-'M*$,N4+5F-'"]OO?!"49"4 $5/+4#
F-'"]OO?8"^0"'#]-%>*"4=?@BD1GA S T5"+V.-/LT=?@B_=O= S
+/"%2=?@BD1GA;T4,T:.4"->2:=?@B!1`A S '#42*"%2=?@B_=O=::=?@B]=!]
S M-'M*$,.5>Z2=?@B_=O=:.M"7>$&"'#2:
K*-'' 3X]-%>*"42F-'"]OO?8"^0"'#]-%>*"4:U
>"N>+B)AO2'"*N:U '"*N.'"%>B4"'/+%'"2aHH:
'"*N.'"%>BM"->"42T6+%#"%#[G"%MT;
=?@B!1`A: '"*N.'"%>BM"->"42TAO-&T; =?@B]=!]:
'"*N.'"%>BM"->"4 2T7[-5\[5"#-[-/L[9"4'$+%T; TbccdT:
'"*N."%>BM"->"4'2:
'"*N.V!*".V4$#"2=?@B_=O=: 4"#04%
>"N>+B]A=_2'"*N:U '"*N.'"%>B4"'/+%'"2aHH:
'"*N.'"%>BM"->"42T6+%#"%#[G"%MT;
=?@B!1`A: '"*N.'"%>BM"->"42TAO-&T; =?@B]=!]:
'"*N.'"%>BM"->"4
2T7[-5\[5"#-[-/L[9"4'$+%T; TbccdT: '"*N."%>BM"->"4'2:
4"#04%$NBB%-5"BB SS TBB5-$%BBTUN4+5F-'"]OO?!"49"4
$5/+4#]OO?!"49"4
'"49"4 S ]OO?!"49"422eH.H.H.He;fHfH:;
3X]-%>*"4:'"49"4.'"49"BN+4"9"42:
Metasploit--
:
5'N Q 0'"
"7/*+$#J-%>4+$>J,4+V'"4J'-5'0%&BL%+7B'5>5B04*5'N
"7/*+$#2'-5'0%&BL%+7B'5>5B04*: Q
'"# G]g!O bha.bif.jb.bfi5'N
"7/*+$#2'-5'0%&BL%+7B'5>5B04*: Q "7/*+$#
(bit.ly/1yWD0DX)
.
TARGETS Samsung Galaxy S5;
Samsung Galaxy S4 (version checked: I9505XXUGNH8);
Samsung Galaxy S4 mini (version checked: I9190UBUCNG1);
Samsung Galaxy Note 3 (version checked: N9005XXUGNG1);
Samsung Galaxy Ace 4 (version checked: G357FZXXU1ANHD).
SOLUTION
,
, -
. , : -
,
(
UniversalMDMClient), -
,
.
.
-
. (-
bit.ly/1AK3OGR):
'5>5UJJ/-#KMJ
Samsung UMC (Universal MDM Client) :
M##/UJJ05K[K>%.'"K,a,.K+5UfH
-
UniversalMDMClient.apk. -
(Samsung
Galaxy S5, Note 4 Alpha).
...
;).
01 /192/ 2015 53
-
7/24/2019 2015 01 (192)
55/145
IPMI/BMCIPMI , , -
. -
.
BMC IPMI. -
(system on a chip)
.
, ,
.
Integrated Lights Out (iLO) Hewlett-Packard (HP). HP iLO
BMC/IPMI. -
, . , , -
ARM Linux.
:
Reset / /
, .
IPMI/BMC .
-
, ,
.
:
-();
IPMI over LAN (UDP 623);
(,
).-
: WMI , OpenIPMI, IPMItool Linux.
-. -
, .
, .
IPMI over LAN, , -
UDP 623.
IPMI ,
/dev/ipmi0, .
IPMI IPMItool
GNU/Linux, .
-IPMI,
IPMI.
IPMI/BMC-
,
Positive Technologies
[email protected]
p h o t o n e w m a
n @ s h u t t e r s t o c k c o m
01 /192/ 201554
-
7/24/2019 2015 01 (192)
56/145
IPMI/BMC
IPMI/BMC IPMI/BMC -
2013 ,
. IPMI/BMC
shodanhq.com (-
. . .). ,
. -
.
-
IPMI/BMC.
IPMI/BMC (, ),
VirtualConsole (aka KVM) , -
, roota LiveCD
, Windows. -
, -
root (
). , IPMI-
-
. IPMI/BMC
, -
.
IPMI/BMC.
IPMI/BMC -
. , IPMI/BMC -
.
. , -
, -
.
IPMI BMC
(Dan Farmer) (bit.ly/1fx1wAW). , ,
: bit.ly/1zthsgv.
.
, IPMI/
BMC :
(,
-);
IPMI.
,
.
NULL authentication
.
IPMI 1.5.
, -
. ,
.
HP;
Dell;
Supermicro.
UDP 623, IPMI 1.5, -
.
PC
!"#!$%%& () *+*, (- $./01$23 4#5 06!7
IPMI Authentication Bypass via Cipher 0
. -
IPMI 2.0.
.
,
.
HP;
Dell;
Supermicro.
UDP 623, IPMI 2.0, .
PC
#1$.8"&%!$ ( .69!&!./:;85.1/1 681/ &!8$
IPMI 2.0 RAKP Authentication Remote Password HashRetrieval
. IPMI 2.0
HP;
Dell;
Supermicro.
UDP 623, IPMI 2.0 user-logins.
PC
#1$.8"&%!$ (
.69!&!./:;85.FG5%#;!"#!;$%%&8;/.H($>1(/!""1/G"&
IPMI Anonymous Authentication / Null user
-null user, - anonymous authentication.
-, - -
null user / anonymous ().
null user, .
anonymous authentication, admin -
IPMI Chips with ATEN-Software.
(bit.ly/1iZItyM)
. Rapid7 (bit.ly/1kAtHVh)
null user .
HP;
Dell;
Supermicro ( IPMI Chips with ATEN-Software).
UDP 623.
PC
#1$.8"&%!$ ( .69!&!./:;85.
-
7/24/2019 2015 01 (192)
57/145
Supermicro.
1900.
PCmetasploit exploit/multi/upnp/libupnp_ssdp_overflow
metasploit auxiliary/scanner/upnp/ssdp_msearch
Supermicro IPMI Clear-text Passwords
IPMI 2.0 , -
. Supermicro -
/nv/PSBlock /nv/PSStore,
firmware. , BMC Nuvoton WPCM450
TCP- 49152 ,
/nv, PSBlock,
server.pem .
Supermicro.
Shell-?
PC
!"# %&'%()*+,!-.!/, 0123 %()*+,!-4 5 &! #"67.#8(
9:;?@>?>&76@!??>&7.
IPMI,
Authentication
Bypass via Cipher 0 (). , -
.
: -
, -
.
.
Metasploita >?@>ABC@?/"D/.D . :
. >?@>ABC@?/"D/.D-, , -
. ,
, .
,!+E"D/!"#, F,/& #/.G>??.6 c jumbo- (community edition).
( -
. . .), -
.
oclHashcat, 1.30,
.
HP iLO4, -
. ,
Administrator -
uppercase + numeric.
-
.
cipher 0
. -
8(H8#,,+. GNU/Linux -. Windows
Cygwin. -
:
1. , ,
ID.
IPMI
John the Ripper
oclHashcat
01 /192/ 201556
-
7/24/2019 2015 01 (192)
58/145
!"#!$%%& () &*+"&,- (. / (0 1212121 (3
45#!+!-$6*$%6 (7 *+8"*--9%65:;6; ,-;6 &!-$
2. .
!"#!$%%& () &*+"&,- (. / (0 1212121(3
45#!+!-$6*$%6
(7 *+8"*--9%65:;6; ,-;6 -;$ +*#; :*?@;6
3. .
!"#!$%%& () &*+"&,- (. / (0 1212121 (3
45#!+!-$6*$%6 (7 *+8"*--9%65:;6; ,-;6
-;$ "*--9%65 :*?@;6"*--
4. .
!"#!$%%& () &*+"&,- (. / (0 1212121 (3
45#!+!-$6*$%6 (7 *+8"*--9%65:;6; ,-;6 "6!A B
5. .
!"#!$%%& () &*+"&,- (. / (0 1212121 (3
45#!+!-$6*$%6 (7 *+8"*--9%65:;6; ,-;6 ;+*C&;
,
, -
-, SSH SMASH -
, -KVM.
KVM,
,
BIOS, -
. -
KVM . , HP
iLO4 TCP 17988 17990. Dell
iDRAC7 TCP 5900. Cisco ICM TCP 2068.
, HP BladeSystem Onboard
Administrator. HP BladeSystem ,
-. , -
-
IPMI.
IPMI SSO. ,
, -
--
:).
, HP
iLO4, KVM -
SMASH (: SSH) TEXTCONS.
, 80, 443, 17990.
, -
? .
, , !"#!?5C
Windows/Linux.
IPMI/BMC, ( ipmi_dumphashes
Metasploit). ,
Metasploit , IPMI/BMC -, Metasploit -
.
GitHub (bit.ly/12GLwLA). -
:
1. D" ,
.
2. D5-
.
3. DA E
0..5. N = 1 .
, -
. ,
D5 D"
, IPMI-.-
D5
, -
. -,
DA F
.
Linux GCC
G?? !"#!?52? D-$*$!? D% !"#!?5.
Windows MinGW G??
!"#!?52? D#+%D#-DC!$!;&5- D&9-HIJH D=K)ELM.
, PoC LiveCD (bit.
ly/1z1woEg), Windows.
LiveCD.
: -
IPMI/BMC .
-SMASH,
,
IPMI/BMC .
,IPMI/BMC.
BMC . -
. ,
- -
, .
Stay tuned!
HPKVM
HP BladeSystem
Onboard Administrator
01 /192/ 2015 57
-
7/24/2019 2015 01 (192)
59/145
-
7/24/2019 2015 01 (192)
60/145
-
7/24/2019 2015 01 (192)
61/145
ant
[email protected]
J o A n n G o u l d @ s h u t t e r s t o c k c o m
01 /192/ 201560
-
7/24/2019 2015 01 (192)
62/145
01 /192/ 2015 61
-
7/24/2019 2015 01 (192)
63/145
PREFASE
(-
),
.
-
, -
. ,
,
. -
. ,
-, ,
, .
-
, .
, Windows, -
-,
-
.
, .
Linux .
.
Windows, c -
,
- .
Linux- -
.
?
, -
. -
,
. ,
,
(, , -
,
).
:
1. .
2.
.
3. .
4. () .
5. root.
.
, ,
,.
-
!"#$% '#.
,
, (')%*%#+%, -
%,-(-
-: *+.')%*%#+% Ubuntu,
)%/0#,')%*%#+% Red Hat / CentOS ):
-#, 1%,-1(')%*%#+%
,
.
, -
. , , exploit-db.
com, : 1337day (bit.ly/12e2Erd),
SecuriTeam (bit.ly/1wOdrFI), ExploitSearch (bit.
ly/1yYgrxM), Metasploit (bit.ly/1u42z0n), securityreason
(bit.ly/1s8XRhr), seclists (bit.ly/1u8f1LI). ,
, .
, : -
-
, -
.-
,
:
-.
. .
. , -
(,$2
). -
, grsecurity (bit.ly/1wcJIa3).
, Windows. , -. , , . ,
, ,. ? , ...
WARNING
-
.,
-
, -
.
01 /192/ 201562
-
7/24/2019 2015 01 (192)
64/145
.
,
www.cvedetails.com
packetstormsecurity.org/files/cve/[CVE]
cve.mitre.org/cgi-bin/cvename.cgi?name=[CVE]
www.vulnview.com/cve-details.php?cvename=[CVE]
, , ,
.
-.
,
, cURL/
wget, Netcat, FTP, SCP/SFTP, SMB
DNS TXT . ,
, :
! #$ % '() *+),! #$ % '() #-.! #$ % '() #),-',.! #$ % '() ,/,0.!
#$ % '() /,0
, Netcat.
-
:
#- &1 &0 2345 6 78,9! 1)
1234. -
:
#- &* 4 :$);,
-
7/24/2019 2015 01 (192)
65/145
.
-
(,
-
,
, ).
,
,
-
.
-
,
:
! #$ % '() *)+,-! #$ % '() *./01#-! #$ % '() 233-
! #$ % '() 33
-
. , -
, .
,, ,
, ,
, -
-
. , Microsoft
Windows, -
,
.
,
:
! #$ % &*)+( 4 5
&/.*) , &,6
-
,
--
:
, -
/, -
, init
cron. ,
, -
, -
.
, -
/-
/
-
. , ,
30(1$ 777.
, -
.
Setuid + setgid , setuid setgid
, -
( root).
,
, -
-
. ,
setuid -
ls -
,
-
. vim
-
,
-
.
,
-
setuid/setgid-
, -
, buffer
overflow command
injection,
-
.
-
.
68$1 ! #$ % &9$): ;>>;? &/.*) @
&*+A#/> &)9)3 ,6 &6 BC ;D
, sudo,
, , -
.
. -
,
, -
(, -
).
-
. -
command injection.
, -
.
SUDO sudo (substitute
user and do), -
-
, -
-
-
.
-
root(-
),
, .
%)/3%68$1)+6. -
-
.
, -
. , -
,
.
( Offensive security, -
: bit.ly/1A62EUU).
LinEnum
Unix-privesc-check
01 /192/ 201564
-
7/24/2019 2015 01 (192)
66/145
PATH
,
.
!"#$ (-
%&'()*(+ ). ?, : , -
!"#$ , (,-./'(-.01&.1/'(,,,,)? ,
,
: 3 %&45&673 ,.%&45&67. , !"#$ -/ . -
:
!"#$8,-39!"#$:*;%4&) !"#$
,
: () . ,
sudo--
, . ,
, !"#$.
,
, =4 3!"#$ @ 1*A B* C1.--.-.5D1.-,-.-.5D 1.-,3..D 1.E-..C?
AFTERWORD
, Linux -
.
: , ,
, .
, , -
, -
win-, nix-
. !
: ,
, ,
. ,
,
LinuxPrivChecker
,
Exploit
Database
01 /192/ 2015 65
-
7/24/2019 2015 01 (192)
67/145
ROPROP---
. ,
? ,
, ., -
? , -
,
ROP-.
-
ROP-DEP.
Agafi (Advanced Gadget Finder) /
++ ROP-
( -
). ,
, EEREAP-
. -
.
QEMU
diStorm3.
-
:
agafi ROP-
();
agafi-rop ROP-
DEP (-
kernel32.VirtualProtect);
gisnap fsnap
.
-
,
. ,
x86-.
Agafi/ROP (goo.gl/0W347j) -
EkoParty 2014.
PORTEX
PortEx Java- PE-
, -
. -
PE-.Java Scala.
:
MS DOS
Header, COFF File Header, Optional Header,
Section Table;
: import section,
resource section, export section, debug section,
relocations, delay-load imports;
sections, overlay, embedded ZIP, JAR
class;
,
;
PE-
;
;
JAR-,
exe (, exe4j, JSmooth,
Jar2Exe, Launch4j);
Unicode- ASCII-;
overlay.
portex.pom
portex.jar :
! #$% &%'()**+&%'()**,!*-,.!*-/012(-34 5)2
,.01#6&*-/012(-3401#
-
Wiki (https://github.com/katjahahn/
PortEx/wiki).
MALWARE REPOSITORY FRAMEWORK
MalwaRE ,
PHP Laravel,-
,
. MalwaRE
Adlice (www.adlice.com/softwares/
malware-repository-framework/),
.
:
(
PHP/MySQL-);
VirusTotal
();
(AV,
, , );
URL
;
;
VirusTotal;
.
-
(
).-
.
X-TOOLS
D1g1
Digital Security
@evdokimovds
:NicolasEconomou:WindowsURL:https://github.com/CoreSecurity/Agafi
:Katja
Hahn:Windows/LinuxURL:https://katjahahn.github.io/PortEx/
:Vu Quoc Huy:LinuxURL:https://github.com/c633/malwaRE
WARNING
!-!,-!
1 2 3
01 /192/ 201566
-
7/24/2019 2015 01 (192)
68/145
MAILING PHISHING FRAMEWORK
Cartero -
CLI-Ruby.
Cartero -
, (,
Mailer, Cloner, Listener, AdminConsole),
.
,
gmail.com, -
:
!"#$%&'%( *+(,'% --.%+/&&012""
34$5+!#(4 --0$&/ "&40--6'71'%8'%
34$5+9#(4!"#$%&'%( :51&','%
--6'71'%8'% "&40"34$5+9#(4 -0 ;[ L F#(6-.A)*\D*K I-Z:[78
#(6-. *]0F.%J 6F *S)I-Z:[ LL R" *^(%%_]`*1*a6-C3*7S*@-*8
AD5,F%)IA78P#(6-. *]b 'CJ#%'
*S!5%E#C.ED,-.%-.F)*S456ON,(Q%(SF,*KIF,7S*@-*86A)c%.%-V)*dXefgdE`g_hi*77
%36.)?78IXhLMIE]gjkgjZ*]gjkgjElXdg*[SIE]gjkgjZ*jgmhg]nEhjo*[8
4Y F%D,-' F.&c% '(,##%(
Y4If_lLO&F%-&J%)*4CF(4O6-4$,F.*78I]+pLc%.DN')78I]+j
L*qB4O6-4F$@-D' G*SI]+pS*G@-6A Z /AGS456ON,(Q%(SF,G[8.$%-
Q655&55 /RIf_l8%3#,(. XhLG*SIXhS*G@-%3#,(.
a`EpjgabX`LS456ON,(Q%(SF,@-4CF(4O6-4$,F.@-C-F%. a`EpjgabX`@-*8I]+j
SL*D(,-.&O /5rc(%# /V G
-
7/24/2019 2015 01 (192)
73/145
!"#$%& ()*%%$%+ ,-$+.&/%(0
1,2,&345(6786,.(90:;
PHP-? : -
CMS (Google
WordPress), , -
. , FTP , FTP .
, PHP-.
(x86 x64)
. ,
-, Mayhem.
killall
/usr/bin/host () -
(x86 x64).
system() /usr/bin/host -
LD_PRELOAD=libworker.so, libworker.
so exit().
Mayhem .sd0,
FAT -
. -
FAT16/32 File System Library (fat_filelib).
.
libworker.so -
LD_PRELOAD -
,
-
. -
-
Mayhem.
, -
.
-
: URL -
,
. -
, -
,
, Mayhem
.
-
:
,
Remote File Inclusion;
-
WordPress,
-
;
-
Joomla
WordPress;
CMS- ISP-;
, ,
, ;
FTP-;
IP-;
-MySQL (phpMyAdmin);
Heartbleed ShellShock.
.,
1400 .
Akamai Technologies -
Linux- IptabLes/IptabLex,
DDoS-. , -
Apache Struts, Apache Tomcat
Elasticsearch.
-
ELF -
IptabLes IptabLex.-
/boot,
/usr.IptabLes (1)-
IptabLex (700 ), -
root.
., .
/etc/rc.d/
init.d, . -
-
Linux, Debian, Ubuntu, CentOS Red Hat.
DDoS SYN flood DNS flood. -
,
-
119 /110.
, DDoS-2014 .
DDoS-
Linux.BackDoor.Fgt.1.
,
Linux. -
, MIPS SPARC.
:
IP--
;
;
DNS amplification;
UDP flood;
SYN flood;
;
.
,
-
-
.
256
IP-,
. IP
,
, -,
.
, -
Telnet
. -
(root,
admin), .
, -
-
(root, admin, 12345). -
-
IP-, ,
bash-, -
. -
.
,
Linux-
Windows, . , ...
POWERSHELL, . , -
, . .
Trend Micro Symantec -
,
Microsoft Word Excel.
Crigent ( Power Worm).
Windows PowerShell.
, Microsoft Excel
:
-
(. National Security Agency, NSA)
. -
, (. No Such Agency).-
-
, NSA
. NSA
,
, -
--
. , ,
, -
, -
, -, - , -
,
.
NSA SELinux,
Linux.
Linux .
NSA
01 /192/ 2015Malware72
-
7/24/2019 2015 01 (192)
74/145
!"#$%&' )*+ ,-".+--./01'234+ 5 6789:;90:?@
-
7/24/2019 2015 01 (192)
75/145
NTFS Alternate Data Streams, , -
MoveFileEx() MOVEFILE_DELAY_UNTIL_REBOOT.
Poweliks, -
,
.
, malware-, -
Kafeine ( malware.dontneedcoffee.com ), -
, Poweliks -Alureon.GQ (Microsoft),
Wowlik (ESET). ,
, -
, -
, TDL TDSS.
,
(,
,
). Kafeine ,
, -
C&C Poweliks, -
downgrade
, Alureon.GQ.
2014-
Poweliks
30 (-
-
2013 ). ,
-
Microsoft Word.
-, -
, Stuxnet.
- , , ? 2014 Symantec
Kasperskywhite paper Regin.
-, .
? , -
, Symantec, Kaspersky(
2014-. . .) (
). , -
Regin, (. 5).
, .
64-Microsoft Broadcom.-
CA ,
.
.
Regin, -
(). x86- x64-.
x86 ( ),
, .
NTFS,
(-
) Alternate Data
Streams :
%Windir%;
%Windir%\fonts;
%Windir%\cursors.
FAT,
.
,
. x64
-
, -
. ,
,
, -
XOR.
() -
,
.
:
x86 NTFS Alternate Data Streams;
x86 FAT ;
x64 .
20 -
RC5 16-NRV2e.
x86 -
VMEM.sys,
-
(EVFS). Regin,
,
--
evt
imd,
, -
C:\Windows\System32.
- -
FAT, ,
-
,
16- -
RC5
NRV2e. VMEM.sys -
EVFS- -
disp.dll ( ),
,
.
x64 disp.dll,
EVFS, -
. ( VMEM.sys), disp.dll -
EVFS, .
:
HTTP HTTPS, cookie;
RAW sockets, TCP UDP;
ICMP,ping shit,
31 337; SMB.
-
- Regin
.Regin
.
, Regin -
.
-
:
. 7. Stuxnet
. 6.Regin
6
7
01 /192/ 2015Malware74
-
7/24/2019 2015 01 (192)
76/145
;
;
;
;
;
HTTP/SMTP/SMB.
: (RAW) NTFS /-
;
IP-(TCPDump);
;
LM database;
MS Exchange;
IIS;
,
GSM.
-
.
,
70 -
, 2008
, -
Ericsson OSS MML.
Symantec, 28%
-
, 48% -
.
-
, ,
.
-
(.
. 6).
,
Symantec -
- The Intercept
-
,
, -
(Secret Malware in European Union
Attack Linked to U. S. and British
Intelligence).
,
, -
NSA/GCHQ -
-
,
.
-
Belgacom GCHQ
,
.
, -
.
-
(fingerprint) , IP-,
, email .
,
NSA/GCHQ. ,
fingerprint,
. -
, -
, -.
Belgacom. , -
, -
(Jean-Jacques Quisquater), -
. The Intercept Regin
NSA/GCHQ.
, .
( ), -
. , -
.
. , Symantec
Regin 12 2013 . Microsoft -
9 2011 . F-Secure
Regin 2009 . , , , 2003 .
-
: , Stuxnet, Duqu Regin
. ,
. -
.
: AES , RC4 , ? ,
.
, Stuxnet.
-
zero
victims (
patient zero, -
).
, Stuxnet -
-
, -
.
.
, -
: ,
IP-.
, ,
() zero
victims. -
,
-
:
Domain A Foolad Technic
Engineering Co.;
Domain B Behpajooh Co. Elec
& Comp. Engineering;
Domain C Neda Industrial
Group; Domain D Control-Gostar
Jahed Company;
Domain E Kalaye Electric Co.
c
Foolad Technic Engineering Co.
-
Stuxnet -
.
,
Stuxnet
. , ,
-
,
.
, -
-
Stuxnet. -
,
-
.
Behpajooh Co. Elec & Comp. Engineering ,
Stuxnet ,
.
Stuxnet Symantec W32.
Stuxnet Dossier ver. 1.4 2011 . ,
, ,
Domain A, B, C, D, E?
.
?
JAVA-,
.
ERP -
Java Runtime Environment (
),
.
() -
: , -
, -
,
60-.-
.
*nix-
.
,
?-
, DDoS-, ,
.
,
, Java PowerShell
. ,
.
State sponsored malware, ,
, .
-
.
,
., (,
) :).-
-
. ,
.
!, ,
, .
01 /192/ 2015 2014 75
-
7/24/2019 2015 01 (192)
77/145
(, ) -. , , -. :
:). , , -. -! ,
.
2014
][
,
][. -
,
Node.
js, Erlang,
-
-
,
][, -
-
-
-
,
Malware,
, -
,
-
Deeonis,
-
Malware
,
++ , , -
,-
Malware,
-
,
X-mobile,-
,
Plan 9
:)
[email protected]
01 /192/ 2015Malware76
-
7/24/2019 2015 01 (192)
78/145
,,WIN, MAC(INTERNET SECURITY,)
-
. -
Linux Mint
,
Windows 7 x64,
,
-
.
,
PeStudio, -
-
. ,
, -
omodo
Nod32.
(Kaspersky), -
, -
, .
, -
( ) -
--
, .
security-, , -
.
,
-
. : ,
, -
, , :).
-
, , . -
Dr.Web, ESET, Essential, Avast .
-, -
(
).-
, ,
VirusTotal, - -
, -
. , ,
, ,
. KIS, . ,
. -
,
,
- .
,
, VirtualBox,
Kali, IDA, OllyDbg + ImmunityDebugger, VS, WinHex, PEiD,
ProcessExplorer, :).
KISDr.Web.
, ,
. -
1998 :).
, -
, ,
.
Deeonis
, -
Windows-,
Microsoft Security
Essentials. ,
. -
,
Windows
MS,
MS.
:).
Security Essentials -
, .
Microsoft ,
API.
ArchLinux,
,
docker/lxc. Windows
, . -,
, VirtualBox.
Windows, :
.
,
. , ,
. :).
01 /192/ 2015 2014 77
-
7/24/2019 2015 01 (192)
79/145
:.,?
(,, IDA)
Android-
Dr.Web:
APK ,
SMS , -
.
-
Dr.Web. ,
, -
.
,
, -
, -
, ,
.
. -
Android (
1.5),
,
-
, -
- .
, -
-
.
,
,
Motorola Defy
SIM-
AOSP
Nexus 4. /-
/
Avast. , -
. iOS, , -.
Deeonis
,
Windows Phone.
, -
, VirtualBox, Kali, IDA, OllyDbg +
ImmunityDebugger, VS, WinHex, PEiD, ProcessExplorer,
:). ? , -
,
(, ...) -
. VirtualBox -
. Kali Linux must have,
, ,
, , . IDA + Olly + Immunity + PEiD
, -
, , -
.VS IDE
.WinHex -
, , ,
. ProcessExplorer,
, .
01 /192/ 2015Malware78
-
7/24/2019 2015 01 (192)
80/145
Deeonis
-
NoScript
Mozila.,
-
.
, , (-
) . -
, - 2000-,
, ,
, ,
-
, -
Norton Ghost
.
,
100%-
-
. , -
15
( 40 , - -
, :)).
,
,
.-
Debian,
OS X,
.
--
, -
. , -
/sensitive
-
.
: Dropbox;
Google Drive;
Amazon Glacier/S3;
Digital Ocean;
GitHub.
-
. , DB
fast-read ,
. Google
Drive , -
, ,
review. S3
,
Glacier. ,
,
,
,
.
, , -
-
. ,
-
, private
network SSL -
,
-
bash-. -
,
c
docker-, -
, , -
(, , ,
Flash
,
). ,
backup- Time Machine. -
, :).
, , -
, :
?
!
,
. -
-
,
.
ASAP
endpoint -
.
, -
.
-
backup-,
Comodo -
Comodo Backup (
).
-
-
. ,
,
.
*nix . -
, , ,
iptables -
,
. SELinux, -
,
. -
docker/lxc, docker-
Chromium Tor.
. .
, , Hardened Gentoo ,
, , .
01 /192/ 2015 2014 79
-
7/24/2019 2015 01 (192)
81/145
//,
,
-
.
(, -
, )
.
-
KIS
.
-
Avast.
: -
KIS. , ,
:),
. ( Core i3 Ivy
Bridge, 4 RAM, SSD),
.
Dr.Web Light.
Avast, .
Avast -
(, ,
:)) -
,
.
-
Trend Micro,
, .
:).
,
, -
, -
:). ,
- .
Avast
omodo. Avast -
. Comodo -
,
,
.
Comodo,
-
. , -
...
Windows Ubuntu.
, -
Nod32.
, , .
Dr.Web CureIt.
Deeonis
Ubuntu. -
99% -
, -
, Wine.
//:,
,
01 /192/ 2015Malware80
-
7/24/2019 2015 01 (192)
82/145
, -
. , , -
, . ,
IT, , -
.
, , , ,
USB-. ,
, .
, 50% malware ,
, , -
. : ,
temp, 90 malware -
. , -
, -
. ?
. ,
IT.
, ,
.
. , malware,
, ,
. , -
, . Kaspersky
Dr.Web.
, -
. AvastAvira,
.
. -Dr.Web:
,, .-
.-
, , . , -
200 , .
Kaspersky . Kaspersky
, -
, . ,
--
ESET,
, , . ,
.
,
, ,
, -
.
Avast, , ,
, .
Comodo , -
,
.
sandbox,
.
sandbox , .
,
MALWARE
01 /192/ 2015 2014 81
-
7/24/2019 2015 01 (192)
83/145
!
[email protected]
-
,
-
( -
). , -
Shiny (shiny.rstudio.
com), -
-R.
, R -
, .
-. -
, R
, -
, ,
:).
R,
(
), -
.
,,
R -
, , -
-
. ,
, -
? -
help,
.
, -!".
,
. ,
, -
,
-
.
, -R. -R .
01 /192/ 201582
-
7/24/2019 2015 01 (192)
84/145
, ,
: ,
, -
. ,
REPL (Read Evaluate Print Loop).
!"#$% -
-.
, [&' &),
R, , -
() .
1
. ,
,
,
.
-
*:
+ , -. */&01023+ ,4&' & 1 2
,
, :
+ , -. */&523+ ,
4&' & 1 2
, ,
. -
, -
, . -
%6!789.
, -. &52. R -
:;?@A=:>.
, -
B7*%8".
+ , -. B7*%8"/C$DE7"#*C0 F7$G%H I &)3
+ ,4&' ) ) ) ) ) ) ) ) ) )+ F7$G%H/,34&' &)
R ,
,
R , -
. , -
. ,
? , 10. -
.:
;
();
;
;
.
R -
, .
R, , -
, ,
L. , 10L.
:
+ , -. &+ %6!789/,34&' CJ8DKF7C+ 6 -. &@
+ %6!789/634&' C#$%7G7"C
-
+, .
L$9.
-
-.. -
:
+ , -. &)+ , M ,4&' &)
+ !"#$%/,3 M 4&' &)
R
:
+ , -. */CNC0 :;
-
7/24/2019 2015 01 (192)
85/145
:
! # $% &'()*+ %*),+ %*),-
! ./012'#- $% &'343+ 353+ 363-
, -
.
0/7894:
! 0 $% 0/7894'.8:; < =+ .&:> < ?-
! 0 @+(A @+=A @+?A@(+A BC BC BC@=+A BC BC BC
, -
. -
, D90:
! D90'0-
@(A = ?! /7789E#712'0-FD90@(A = ?
, -
(, )
: , -
, C Java,
, , , ,
FORTRAN R. , ,
:
! 0 $% 0/7894'(GH+ .8:; < =+ .&:> < ?-
! 0 @+(A @+=A @+?A@(+A ( ? ,@=+A = I H
-
, D90:
! J $% (GH! D90'J- $% &'=+ ?-
! J @+(A @+=A @+?A@(+A ( ? ,@=+A = I H
,
:
! 0 $% 0/7894'(GI+ .8:;27 $% >927'3K1>>:3+ (),+ LMNO+
(P=9-
! >27@@(AA@(A 3K1>>:3@@=AA@(A (),
@@?AA@(A LMNO@@IAA@(A (P=9
, -
, : , -
, -
. ,
:
! > $% >927'/
-
7/24/2019 2015 01 (192)
86/145
!"#$% $ ' () *+,-./012#$% 3456*3) + 78 4##'%%) *+,-./0+2#$%
359*-:-;3
) +#$% $ ' (
R.
, ##%% -
, -
#%
. !##%%-. -
, !.
,
-
, : 1##$%%##(%%, -,
2 ? 1 @ -46- ? 81 @A
,
,
. -
-
-46-. ,
B 78 5/ 01 7 >2 81 -
, 1 ) >-
CDEE.
56F9G44.
. -
R ,
, --
. R
-
. /.;,
for-in.
1 78
-
7/24/2019 2015 01 (192)
87/145
(-)
, -
.
backend as a service (BaaS)
,
BaaS Mobile BaaS
(MBaaS). MBaaS-
,
.
, -
, -
, -
.
MBaaS, .
, , -
, Angry
Birds, :).
. , -
Unity3D/C#, -
Windows, Android iOS. ,
-. -
.
?
MBAASMBaaS--
, :
1. MBaaS-.
2. ,
, .
3. -.
4. -
, -
.
5. API (
) .
6. MBaaS -
, .
MBaaS-, -
Unity3D. BaaS-
, -
SDK Android iOS,
,
.
? -
; -
, , -
, GPS. -
Unity3D
,
(Android, iOS, Windows Phone).
, :
!"#%&'()*+&,-.',+/012"03454.6789: (; <
/8=+/012"03454.6789:>?4/012"0@:8A8BC2/D@(8A8BC2/D;4/4E81?
FGH:1"/E ';I' < (;@J4AAKH:1"/EL>?E8:,85"98'0?FG
:
-. ,WPA- 2011--, 28 .-.
Wikileaks -, DDoS-. .
!"##$
infiltration.ru
infiltration.ru
01 /192/ 201586
-
7/24/2019 2015 01 (192)
88/145
!"#$%& ()*( + ,-!"./(%0123.4$5.6%$78.(3.%"$!.#9
-
READ_PHONE_STATE, -
.
MBaaS-, , ,
:
, ,
.
GameSparks.comThe #1 Backend-as-a-Service platform
for games, -
. ,
, SDK unitypackage
.
-
: API Key API Secret
(),
-
. Unity3D -
GameSparks.
: iOS, Android,
JavaScript, Marmalade, Cocos2d, Flash . Unity3D
SDK, , , -
: , , -
,
. -
Unity SDK 2 GameSparks
,
.
NGUI . ,
, NoSQL,
, -
, -
.
GameSparks : -
-
. -, MBaaS-
.
GameSparks
20 , 20
20 API -
. -
-
, .
Kumakore.com SDK Unity, Android, iOS, -
, , REST API. ,
SDK GitHub . -
Unity3D
: SDK unitypackage,
. -
. -
Hello world . -
(
),.
Kumakore -
, ,
-
:
:8/;> ;>> + %.?
:8/;>@ABCCDEFCGH.ICD.5F5.DJ;JHB0GEK;GCAL AM2MAL EDEJEMHGCEN9
-
:
;>>2!$&%$%@A;!!?1#3AN2!-%5
@3.O.&;".@=5"$1%6!.#,$&%$% ;5"$1%N
P$0@;5"$1%2&."Q13.@N ++ ,";"8!Q13.!2,6QQ*,,N P
RR RR 222S SN9
Kumakore ,
, - .
Global Object, -
. app
getUser(), -
getDatastore()
:
RR T$5"$1%;#-U!"#$%&L1BV.5"W 3;"; +
%.?T$5"$1%;#-U!"#$%&L 1BV.5"W@N93;";2=33@A>X1%.Y%8/AL
AEKHZDJZIGAN9RR 2 !"#$%& "->. + A>X1%.A9!"#$%& %;/. +
AO1[A9=5"$1%T;";!"1#.Q#.;". ;5"$1%K +
;>>2&."6!.#@N2&."T;";!"1#.@N25#.;".@"->.L %;/.L
3;";N9;5"$1%K2!-%[email protected].&;".@=5"$1%T;";!"1#.Q#.;". ;N P
$0@;2&."Q13.@N ++ ,";"8!Q13.!2,6QQ*,,N P RR \S SN9
-
( )
,
, -
. , -
: 500 API
push-.
Kii.com, .
--
. -
, , - (
), .
SDK -
, -
, , , -
. SDK DLL, JSON-.
Assets ,
.
Application ID, Application Key Site
().
-
.
:$$6!.# 8!.# + :$$6!.#2]8$O3.#^$"X_;/.@A8!.#%;/.AN2]8$O3
@N98!.#2`.&$!".#@A>;!!?1#3AL @:$$6!.# 8!.#KL*[5.>"$1% .N
+W
P$0@. \+ %8OON P RR #."8#%9
SRR \SN9
JSON-.
-
.
:$$]85
-
7/24/2019 2015 01 (192)
89/145
!""#$%&'()*+,'- / 0112!""#$%3456+778""#$%+9: )$%; :")* +?
/@
A "B7+ C/ *DEE? A FF G
+EH+ A FF C G
G?2
, JavaScript. -
, (-
, ),
:
8""4+I6+IJ)K+
-
7/24/2019 2015 01 (192)
90/145
. :
-
,
.
App42 Cloud API -
, .
-
: (, ,, , , , ,
) (-
, ,
, -,
, ).
-
.
App42
JSON- -
SDK,
SimpleJSON.
,
-
.
!"#$%&"'() &+,-.'()/!0,#12"!"#$%&"
30,#12"!"#$%&"/0#4
5 66 7 &+,-.'() 8 9":!"#$%&"'()
;??1@A=&>BCD"&"EA>@>IHA"@B?DA
-
7/24/2019 2015 01 (192)
91/145
!
,BOEING
yurembo ,
[email protected]
EIFFEL
,
-
, Eiffel.
.
, ,
. -
-
Eiffel, -
1985 .
(), ,
, ,
(-).
ISE
(Interactive Software Engineering), -
, (1993 ) -
Eiffel Software.
500 -
. ,
-
. ,
. -
/: Python
open source ; C/C++
, , -
, AT&T (Bell Labs),
(); Pascal,
Lua -
... , -
, -
Objective-C,
NeXT, , , Apple.
Eiffel ,
: , -
- Eiffel Sofware
Boeing, Rosenberg EMC.
(Eiffel Software, -
) , -
,
C
; -
.
, -
Eiffel. , open
source Visual Eiffel,
2007 . ,
EiffelStudio.
01 /192/ 201590
-
7/24/2019 2015 01 (192)
92/145
Windows, . Mac OS UNIX.
, -. ? Java? Mono? . Eiffel. .
, 01 /192/ 2015 91
-
7/24/2019 2015 01 (192)
93/145
1999 ,
-
. .
.
-
-
-
, , . AutoTest , -
, -
, .
-
. Eiffel,
. car -
nullptr,
() car->drive();. ,
car nullptr .
, -
,
. Void
Safety.
-
, C/C++, C# Java,
, -
.
, ,
- , .
Eiffel ! -
SCOOP (Simple Concurrent
Object-Oriented Programming) Eiffel
, -
.
, EiffelStudio
. , ( -
UML-),
, Eiffel-, -
-
, -
, . ,
,
, ,
: Pascal, Ada, Oberon. ! -
-
. ,,
, , Hello, World. -
Eiffel ,
. -
. (
) , -
-. , (client), -
(supplier), ,
. -
, ,
, -
, , .
,
, , ,
, ,
. . -
,
EiffelStudio . -
,
. .
.
-
. ,
()
: -
.
EiffelStudio
AutoTest.
,
--
01 /192/ 201592
-
7/24/2019 2015 01 (192)
94/145
, Eiffel, Java-, -
, .
EiffelWebEiffel
HTML-, , CGI-. EiffelLexEiffelParse
.
, .
,
! , -
Eiffel Software,,
Open Source.
EIFFELSTUDIO
EiffelStudio -
Eiffel. : -
EiffelStudio Enterprise Evolution Editio
