<feed xmlns="http://www.w3.org/2005/Atom"> <id>https://vtl0.com/</id><title>biazo</title><subtitle>Biazo Blog</subtitle> <updated>2025-03-07T18:31:04-05:00</updated> <author> <name>biazo</name> <uri>https://vtl0.com/</uri> </author><link rel="self" type="application/atom+xml" href="https://vtl0.com/feed.xml"/><link rel="alternate" type="text/html" hreflang="en" href="https://vtl0.com/"/> <generator uri="https://jekyllrb.com/" version="4.4.1">Jekyll</generator> <rights> © 2025 biazo </rights> <icon>/assets/img/favicons/favicon.ico</icon> <logo>/assets/img/favicons/favicon-96x96.png</logo> <entry><title>CVE-2019-2215 Bad Binder Writeup</title><link href="https://vtl0.com/posts/bad_binder/" rel="alternate" type="text/html" title="CVE-2019-2215 Bad Binder Writeup" /><published>2023-05-27T00:00:00-04:00</published> <updated>2023-05-29T22:38:51-04:00</updated> <id>https://vtl0.com/posts/bad_binder/</id> <content src="https://vtl0.com/posts/bad_binder/" /> <author> <name>biazo</name> </author> <category term="android_kernel" /> <summary> Overview Bad Binder (CVE-2019-2215) is a UaF in Binder (Android IPC) and epoll (Async IO). This blog will go over why there is a use-after-free (UaF) and how we can use the UaF to achieve arbitrary read/write and perform a Privilege Escalation (PE). Exploit Exploit for this writeup will be hosted here Environment Setup Since this bug is in Binder and doesn’t require vendor specific kernel module... 
</summary> </entry> <entry><title>srsRan 4G Setup</title><link href="https://vtl0.com/posts/srsran-4g-setup/" rel="alternate" type="text/html" title="srsRan 4G Setup" /><published>2023-05-22T00:00:00-04:00</published> <updated>2023-05-29T22:38:51-04:00</updated> <id>https://vtl0.com/posts/srsran-4g-setup/</id> <content src="https://vtl0.com/posts/srsran-4g-setup/" /> <author> <name>biazo</name> </author> <category term="baseband" /> <summary> Hardware BladeRfMicro A4 sysmocom sim Card reader Omnikey CardMan or MCR3512 Software Ubuntu 22.04 VMware Workstation Install Ubuntu in VMware change usb setting USB Compatibility to USB 3.1 Update/Match IMSI with MCC/MNC pushing mcc mnc and changing the imsi to match the first five digits of the sim card need to match mcc mnc. For us it's 001 01 (test network) Example Confi... </summary> </entry> <entry><title>Loadable Kernel Modules</title><link href="https://vtl0.com/posts/loadable_kernel_modules/" rel="alternate" type="text/html" title="Loadable Kernel Modules" /><published>2023-05-08T00:00:00-04:00</published> <updated>2023-05-29T22:38:51-04:00</updated> <id>https://vtl0.com/posts/loadable_kernel_modules/</id> <content src="https://vtl0.com/posts/loadable_kernel_modules/" /> <author> <name>biazo</name> </author> <category term="linux_kernel" /> <summary> Overview Whether you are fuzzing or looking into certain Linux subsystems, you might need to set up a loadable kernel module if you selected the m option in the kernel config. An example would be something like Netfilter, which loads its modules dynamically when you use them. If you do an lsmod you should be able to see some of the loadable kernel modules like nfnetlink (Netfilter component). These a... 
</summary> </entry> <entry><title>Visualizing KCOV with syz-cover</title><link href="https://vtl0.com/posts/kcov-syz-cover/" rel="alternate" type="text/html" title="Visualizing KCOV with syz-cover" /><published>2023-04-27T00:00:00-04:00</published> <updated>2023-05-29T22:38:51-04:00</updated> <id>https://vtl0.com/posts/kcov-syz-cover/</id> <content src="https://vtl0.com/posts/kcov-syz-cover/" /> <author> <name>biazo</name> </author> <category term="fuzzing" /> <summary> Overview If you have used syzkaller, you have seen how they have a visualizer for kernel coverage. You can actually use syz-cover to do this with any kcov. Syzkaller Coverage Viewer Building syz-cover Prereq If you have never installed syzkaller before, follow this guide Build syz-cover (cover) git clone https://github.com/google/syzkaller cd syzkaller make cover syz-cover should be under syzkalle... </summary> </entry> <entry><title>CVE-2020-27786 FUSE UaF</title><link href="https://vtl0.com/posts/cve-2020-27786/" rel="alternate" type="text/html" title="CVE-2020-27786 FUSE UaF" /><published>2023-04-26T00:00:00-04:00</published> <updated>2023-05-29T22:38:51-04:00</updated> <id>https://vtl0.com/posts/cve-2020-27786/</id> <content src="https://vtl0.com/posts/cve-2020-27786/" /> <author> <name>biazo</name> </author> <category term="linux_kernel" /> <summary> Overview I was looking for an nday that I can use to learn more about FUSE since the userfaultfd technique is dead in the latest kernel :(. My good friend c0ld21 was porting kiks PoC of CVE-2020-27786, which is written for 4.9.223, to 5.6.13 and I skimmed through the original PoC and thought it was a good candidate to learn more about FUSE. The reason being it triggers UaF via race condition through userfa... </summary> </entry> </feed>
