DroidRun brings AI-driven automation to Android: ✔ Auto-fill OTP codes ✔ Automate app/device initial setup ✔ Security/malware testing with #Frida running in the background ✔ Automate food orders & shopping github.com/droidrun/droidrun by @droid_run

Frida 17.4 introduces Simmy, a new backend for Apple’s Simulators on macOS. Spawn, attach, and instrument apps — just like on a real device.

Dropping the source code for OG IOLI-crackmes here, 18 years later 😅 github.com/poliva/IOLI-crack…

🚀 Just launched Cubedex – a new smartcube alg trainer to dril your algs like a pro! 🎉 Cubedex is a Progressive Web Application (PWA) that connects to your Gan smartcube using Bluetooth. 🧩 Try it out now: cubedex.app #cubing #speedcubing #GANcube #CubeDex

Check out Pau Oliva's, Senior Security Consultant at IOActive, talk on retro game emulation at @BarcelonaBsides tomorrow, 30 May! Pau's talk kicks off at 1pm.

Please welcome @pof from @IOActive to our lineup. He will dive deep into the fascinating world of retro game emulation, explaining techniques to hack emulators to enhance classic games with modern features. Tickets 👉lnkd.in/d2XwtVq5 #BSidesBCN24

New blog on exploring AMD Platform Secure Boot including common misconfigurations and implementation issues. Enjoy the read at labs.ioactive.com/2024/02/ex… #AMD #Firmware

BLE spam but for adult toys Using Flipper Zero or nRF Connect app, it is possible to send Bluetooth LE advertisement packets (without being paired) to adult toys in vicinity and make them all vibrate. It is also possible to start Denial of Pleasure by continuously broadcasting the stop packet whid.ninja/blog/denial-of-pl… by @whid_ninja

I just enabled MTE on my new Pixel 8!! 😁🔥 Check out Mark's blog on how to enable MTE on the Pixel 8 and Pixel 8 Pro: googleprojectzero.blogspot.c…

bugs.chromium.org/p/project-… just derestricted. Potential untrusted_app -> kernel r/w 😬 Fix is not on any end-user devices AFAIK but fixes are in OEM's hands.

💫 Here are my slides from my @BSidesCbr Keynote: "When Exploits Aren't Binary" 💫 github.com/maddiestone/ConPr…

I just released a blog post on an Android ITW exploit chain: googleprojectzero.blogspot.c… A big thanks to Google TAG and the other members of Project Zero who participated in the creation of this blog post and analysis of the chain!

Android 14 blocks downgrading apps through the 'adb install'/'pm install' shell commands, unless the app is marked as debuggable. Previously, the May 2023 security release included a patch that only blocked downgrading system apps to a version older than the one preloaded on the system image. However, starting in Android 14 Beta 5.2, this applies to all apps, as shown below. I can confirm this was only introduced in a 5.X release, as I was able to downgrade both the WhatsApp and Reddit apps using the '-d' flag on Android 14 Beta 5 but was no longer able to do so after updating to Android 14 Beta 5.3. According to one tipster, they first saw this behavior in Beta 5.2, which is why I'm saying it's Beta 5.2 . Also, since the One UI 6 beta is based on the latest Android 14 source code, it is also affected by this change. Now in order to downgrade a non-system app, you'll need to either fully uninstall the app and then install the older version afterward or be sure always manually install the app using the --enable-rollback flag so you can use Android's built-in rollback manager feature. This change has its benefits, of course. Older versions of apps can have security issues or just not use the latest security/Android feature. Plus, generally it's not recommended to downgrade an app without clearing its data, as it can cause issues with mismatched settings/databases. That's why it makes sense why this restriction doesn't apply to apps marked debuggable, so that developers can continue to downgrade apps for testing purposes. (Thanks to @Fasten_M and Moshe E for the tip!)

Contrary to popular belief, you can use eSIM phone plans without needing a phone that supports eSIM. Why would you want that? Many prepaid eSIM plans are very cheap and can be bought ahead of travel, but most phones don't have an eSIM chip built-in. So how does this work? The tl;dr is that eSIM is actually a specification that is implemented by a UICC, or universal integrated circuit card. Phones with eSIM support have an eUICC (embedded UICC) chip, but there's nothing preventing a vendor from making a traditional nano SIM-sized card with an eUICC that follows the eSIM spec. These are called "removable eUICCs" and are actually used in IoT devices, but their use in mobile devices is still somewhat new. A few companies have popped up that sell you removable eUICCs, like eSIM.me and esim.5ber.com, but it's also possible to DIY your own removable eUICC. There are tutorials online on how to take an off-the-shelf eUICC chip, remove the original chip in a physical nano SIM, and then weld the eUICC chip onto the nano SIM card. Some Chinese online retailers also sell the finished product for much cheaper than the aforementioned companies, but you can't just buy the product, insert it into your device, and then download an eSIM profile. That's because you need a way to actually provision the eSIM plan onto the removable eUICC. Most Android phones with eSIM support built-in ship with an app that does this, like SIM Manager on Pixels (shown below), but these apps won't work with removable eUICCs you insert. Companies like eSIM.me and 5ber offer apps that work with their own products, but if you go the DIY route, you'll need to use something like OpenEUICC. OpenEUICC is an open source app for Android that allows for provisioning eSIM profiles onto removable eUICCs. It requires certain system privileges to function, so you need a phone with root access to provision an eSIM plan. Once a plan is provisioned onto the card, though, you can use it on any device that has a SIM card slot. If you want to learn more about removable eUICCs and how eSIMs work in general, check out this article I wrote last year: esper.io/blog/android-desser… --- Other links: esimdb lists a bunch of prepaid eSIM plans: esimdb.com/ esim.me or esim.5ber.com for off-the-shelf removable eUICCs without the need for DIYing your own/rooting a phone to use OpenEUICC OpenEUICC project: gitea.angry.im/PeterCxy/Open… (DIY method): A tricky way to use eSIM on CN/IN variant: forum.xda-developers.com/t/a…

Shown below is one half of what Google is bringing to Android phones: device-to-device eSIM profile transfers through QR code scanning. You'll also be able to "convert" a pSIM into an eSIM, but this will require carrier backend support (starting with T-Mobile/Deutsche Telekom). Converting a pSIM to an eSIM might involve permanently disabling the pSIM after the transfer is done, from what I hear. (The below screenshots come from the EsimTransferSourceActivity and EsimTransferHalfSheetActivity activities within Google Play Services. However, the actual eSIM transfer process likely won't work unless we get an updated version of the SIM Manager app on Pixel.)

With #DEFCON31 ending, I'm doing a wrap-up on Katalina, an open source Android deobfuscator that reimplements all of Dalvik VM from the ground up. source: github.com/huuck/Katalina/tr… ppt: docs.google.com/presentation… blog: humansecurity.com/tech-engin… Happy reversing and thanks for attending!

Android Data Encryption in depth #MobileSecurity #AndroidSecurity by @max_r_b @DamianoMelotti @quarkslab blog.quarkslab.com/android-d…

Physical Attacks Against Smartphones #MobileSecurity #AndroidSecurity #BlackHatUSA23 [SLIDES] by @Iskuri1 i.blackhat.com/BH-US-23/Pres…