Tricta
- 19 years old
- Pentester at https://hakaisecurity.io
- Programmer
- Gamer
- Cat lover
- Compulsive pizza eater
- Passionate about sysInternals, binary exploitation, offensive development and mobile
Session
Zygote is the first process to be started on Android, serving as a template/interface for launching new processes. As such, it has sufficient privileges to interact with any application, unlike the application-to-application perspective, which is extremely limited by Android's SELinux policies. It is here, therefore, that we find the state of the art for breaking Android's sandboxing model!
Tools like Riru and Zygisk use root privileges to alter Android's properties and subvert the system's behavior in order to inject code into Zygote, thereby reaching any loaded application and enabling hooking techniques for both native code and Dalvik (DEX) code.
In this talk, we will see how these injections are carried out during the process-loading stage, how Zygote itself is hooked, and how both native and Dalvik (DEX) application code is hooked. Interesting, right? Come unlock the true potential of Android!