Pau Oliva Follow @pof

RT @raviborgaonkar: "How Vulnerabilities in Cellular Wireless Networks Can Enable Advanced Persistent Threats" from AT&T research http://t.co/JaCBFbGCSP #A

RT @brutelogic: An almost invisible ssh connection (no who, no IP logged): ssh -o UserKnownHostsFile=/dev/null -T user@host /bin/bash -i

KGTP: flexible, lightweight and realtime Linux debugger and tracer with X86-32, X86-64, MIPS and ARM support - http://t.co/5cZzgUraZs

I liked a @YouTube video from @teawater http://t.co/RTylqLUqms Use KGTP debug the Linux kernel of Android

Defeating the latest version of hosedex2jar - https://t.co/65gktMaaUE via @TeamAndIRC

RT @carlosacastillo: [PDF] DroidAnalytics: A Signature Based Analytic System to Collect, Extract, Analyze and Associate Android Malware http://t.co/2ZkEyolRL9

android coffee art - http://t.co/ybuLaiCEqa

RT @xdadevelopers: Using Internal/Hidden Classes of the Android API http://t.co/FnbxDVx487

RT @opersys: "Leveraging Android's Linux Heritage" presentation now online: http://t.co/OTJZgIuSEj #AnDevCon

RT @karimyaghmour: "Inside Android's UI" presentation now online: http://t.co/4xxRpxdwft #AnDevCon

why release a new device for 'Google edition' instead of providing a ROM for existing ones? @htc & @SamsungMobile #youredoingitwrong

RT @AndroidPolice: Respected Security Researcher To Demo "One Root To Rule Them All" At Black Hat Conference http://t.co/aDPgmCQS1Q

RT @SantokuLinux: I'm feeling very... seedy. Download my all new torrent: https://t.co/gnhktuVgOi

Steve Kondik post on "revoke app permissions" on @CyanogenMod - https://t.co/vog3u3yPyz

w00t!!! My talk has been accepted for @_defcon_ 21, see you in Las Vegas! \o/

morpher: commercial code obfuscator, with Android (ARM) support - http://t.co/MsbtWblnjd via @andreybelenko

procyon-decompiler: New open source java decompiler - https://t.co/zbYmqcIQ6o via @marcograss

RT @jduck: Building a Nexus 4 UART Debug Cable (by myself and @hustlelabs) http://t.co/TCC9hZMbDC

RT @hugofortier: Recon Schedule and Talk Descriptions are now online: http://t.co/3bKI5OdasV

RT @viaforensics: Mobile app developers, it's time to stand out. Comptia Mobile App Security+ exam FREE BETA now available. Details: https://t.co/SUmghmGNVr

RT @raviborgaonkar: "@mod0: HTC Mail client does not properly verify SSL certificates. #htc #ssl #mitm http://t.co/Dt0AUrynEa" cc @pof

"Interesting cross platform product to protect your apps: http://t.co/R0ybOVLXPl " via @jmoutte @trufae

Per App settings (Xposed mod) is still the best solution to revoke perms on android 4.x - http://t.co/8eS4JxJJm6 http://t.co/npcGnA7jUz

Simple bypass of data wipe when unlocking the bootloader on Nexus4 - http://t.co/eVjCFLEYAe

Sky Twitter hack was a prank, Android apps not hacked and replaced - http://t.co/UXrIHhyNS8 via @timstrazz

oh, apparently Kivlad has not been updated since 2011 and only works with the included example apk - http://t.co/HECXyQfw1u

Kivlad (alpha release): native Dalvik bytcode decompiler writen in Ruby - http://t.co/IyqHx0mCZU

DexGuard obfuscated apk, with original source code - https://t.co/ENGdG0grMP

Advisory for Framaroot's Gandalf exploit (CVE-2013-2595) - https://t.co/zVq38VUSzu via @TeamAndIRC

RT @thuxnder: Slides about Android RE and Defenses are now online: http://t.co/SwEZ5Is2kQ #SRCDub2013 @BerlinSides @pleed_

RT @iamnion: guy disqualified from paypal bug bounty program for age, posts PoC for unpatched bug on full-disclosure :) http://t.co/j0Noovz8kM

RT @SkyHelpTeam: UPDATE: All Sky's Android apps were hacked and replaced... please uninstall it, And we will let you know when it will be available

RT @grsecurity: The definitive exploit for the perf events vuln: http://t.co/5d7rYptIzR Many new techniques to be found inside. All distros, x86/x64

RT @AndroidPolice: Sky Apps Hacked By Syrian Electronic Army – BSkyB: 'Android Apps Were Hacked And Replaced' http://t.co/x8fuWLt5AD

RT @TeamAndIRC: Apparently google's app verification service is actually active now http://t.co/3HP23KKFAk

RT @TeamAndIRC: Trying to get an android security community gonig on G+ https://t.co/ciCztMncu6

mv /mnt/dish /dev/body #olakase http://t.co/vtCxPEhgOf

Beta Test new "Permissions Denied" application (3.91 EUR) - https://t.co/CfFbcBa0ed just downloaded, let's see what's new!

Security Testing of the Communication among Android Applications - [PDF] http://t.co/VGndI2hwkc

Android Mobile Security: Threats and Protection - [PDF] http://t.co/RRTsTRN3Rf

FireDroid: Hardening Security in Android with System Call Interposition [PDF] - http://t.co/Wa6hLCJufu

RT @TeamAndIRC: Explained and automated the little LG escalation bug http://t.co/bMR069f2F5 http://t.co/HSyiAs7Ldu

RT @davtbaum: Thanks for coming out to my #Android #hacking talks #AnDevCon! All slides available here http://t.co/J6sPrkF7

I liked a @YouTube video http://t.co/yDpPD9u8WG Google I/O 2008 - Dalvik Virtual Machine Internals

RT @reversemode: "Identify Backdoors in Firmware By Using Automatic String Analysis" http://t.co/bnLeJNPnhh Backdoors, Markov and industrial firmware...

RT @dakami: http://t.co/Ppc0FK9Wc6 *facepalm* Google. Charge for services. It's OK. We'll still like you and it will clean up this gunk.

@trufae yes they can be clicked http://t.co/wDyopNx3Rz

RT @TeamAndIRC: A wild LG exploit appears http://t.co/HSyiAs7Ldu

Understanding how motochopper works - http://t.co/OpuhRcIWxR

SEAndroid and the motochopper exploit - http://t.co/9J051LRwCV interesting post, cc @djrbliss

RT @jtsylve: A new post describing a feature of Dalvik Inspector: Automated Volatility Plugin Generation http://t.co/zVlvHagLFL #dfir

RT @radareorg: Also… here’s a sample config to change radare2’s color theme. http://t.co/al2OJrivYa

RT @ChainfireXDA: Quick and dirty code but mostly works - sgs4ext4fs - https://t.co/Qodaj8mxMe

RT @djrbliss: Introducing Loki, a set of tools for booting custom kernels and recoveries on the AT&T/VZW Samsung Galaxy S4: https://t.co/qAQLLNnNg2

RT @djrbliss: Exploiting Samsung Galaxy S4 secure boot: http://t.co/DKYdEqr95y

RT @z4ziggy: #zCrackme2 – ARM Crackme competition http://t.co/plY0ssgmnc goes public; #ForBeerAndGlory

RT @esizkur: Our paper #IEEESP2013 "Trawling for Tor Hidden Services: Detection, Measurement, Deanonymization" is available here: http://t.co/NVN0TmD6Ah

RT @twitter: Make your Twitter account more secure with login verification, in 4 easy steps: https://t.co/OvAU2eIOIN

RT @BlueboxSec: Black Hat: @BlueboxSec's Jeff Forristal, a.k.a. Rain Forrest Puppy, will present: ANDROID: ONE ROOT TO OWN THEM ALL. http://t.co/viEKTljcOa

RT @grsecurity: No more kallsyms/System.map requirement: looking up symbols via the kernel itself: http://t.co/2lJcNNFzWZ

RT @jduck: Nice smorgasbord page by @saurik - #android #technical #architecture - http://t.co/dM3WjKQoBk

RT @gtvhacker: Google notified us today that they have pulled our #CubeRoot application from the Play Store. Info on our blog at: http://t.co/N7F7r2I342

RT @jedisct1: :) RT @ekse0x: lol https://t.co/Icw3JQMq2F

RT @JonathanSalwan: Little script to trace a kernel function https://t.co/d1nyLPBHE2

RT @joedamato: new blog post: A closer look at a recent privilege escalation bug in Linux (CVE-2013-2094) http://t.co/rsvbxLEhA4

RT @timstrazz: My #Android #syscan13 slides are finally online - sorry for the delay http://t.co/ihQF7KUJVy

RT @Accuvant: Zero-day Java exploit that enabled @jduck to take control of a patched Windows OS within 15 secs and win #Pwn2Own:http://t.co/4GpxVWY655

Detecting GPS Information Leakage in Android Applications [PDF] - http://t.co/S0sqblk6Si & Brox Tool: http://t.co/Nt9mrGFvwx

RT @devteev: DroidSQLi - MySQL Injection tool for Android http://t.co/7tbURqBlIw

RT @FSecure: Search engine available for Internet Census 2012 data http://t.co/cOxVpgq0Sk

@PaulOBrien did you remove tweakdeck from play store? can't find it :(

RT @xdadevelopers: App Analytics, or the Death of the Independent App Developer http://t.co/ygydM83Anh

RT @AndroidDev: All the #Android session videos from #IO13 in one YouTube playlist: http://t.co/1JKjmUEIZK

RT @kapitanpetko: Script to split Android backup into backups for individual apps: http://t.co/JB35r8CChj

@josuegf si, solo enctipta /data, por debajo usa LUKS, no debería notarse en el rendimiento para nada. http://t.co/kj9LAA5CH9

RT @supercurio: @xdadevelopers Thread for Stupid SU: stupid exploit for a stupid anti root strategy by @SamsungMobile on the S4: http://t.co/ijWePG5mQq

RT @NuShrike: .@pof #ADT22 also breaks lib .jar proj; export won't fix! A inc B which inc/exports C, A no longer sees C! anoth QUALITY @Android release

New ADT 22 breaks eclipse projects using libraries, here's the workaround: https://t.co/d1Av7s2PVR

@jduck new hangouts app breaks OTR chats. No idea what you said. :-/ http://t.co/NmLwznpWQr

RT @AndroidPolice: Hilarious Easter Egg in Hangouts. http://t.co/HR1eySCnsu

@AndroidPolice "none of us have been able to get the Hangouts app to actually open on a tablet" #nexus7 from apk http://t.co/PHQifLx0bq

name change again! RT @madCdan #AndroVM moving to a commercial product #Genymotion http://t.co/1UhQ7oWGEW

HIGHSEC Phone, Giesecke & Devrient RT @m_spreitz new Android crypto-phones -- http://t.co/GjYx4tjIOt

RT @AndroidPolice: [I/O 2013] New Google Wallet Instant Buy API Should Make Emptying Your Bank Account Much Easier, More Efficient http://t.co/fzJSQOSyFi

Google Hangouts in the play store (replaces google talk) - https://t.co/s4XiBgpLbW

RT @ErrataRob: @pof yea, but it's java. I wanna write apps in a real language, like JavaScript

Android Studio early access preview, ready for download - http://t.co/790GIWRut0

so, who's writing the first reverse shell using the new Google Cloud Messaging "upstream" feature?

will this gs4 nexus edition be exynos or qualcomm? and will it be AOSP supported?

RT @tapbot_paul: Standard android <clap clap> Unlocked device <clap clap> Unlocked boot loader <clap clap> Just $649 <cricket cricket> #

RT @cprofiler: BlueBox Android Challenge: http://t.co/xNszuyRlK4

i/o keynote, starting very soon... watch it live here: https://t.co/WqKxHi94kX

CodeAurora Forum Security Advisory Publication Guidelines - [PDF] https://t.co/ZNmPqcbCt3

TIL adb backup only backups data from the primary user account.

RT @cortesi: Just released mitmproxy 0.9. A huge release, with improvements across the board and major new features. http://t.co/3ciVJeicmG

RT @raviborgaonkar: Handy website for encoding/decoding/analyzing #2G, #3G, and #LTE messages http://t.co/GOpKP2JAUh. Useful while building a fuzzer.

RT @adumont: @pof btw just found this page about "The Xposed Framework" http://t.co/KmaCBQGd7i

RT @saurik: With Substrate, WinterBoard is also now available on Android, supporting icon packs and Theme Chooser on stock ROMs. https://t.co/RA0LrLWxfg

Substrate for Android: code modification platform behind Cydia which allows hooking Java-level APIs - http://t.co/Rh8FibWlmb

RT @viaforensics: The best mobile security distro just got better. Santoku 0.4 beta now available. Blog: https://t.co/BS6RtgfcbJ

RT @matthew_d_green: New blog: on cellular encryption protocols (and wiretapping all the world). http://t.co/iStUkKepZg

RT @hackerfantastic: Android malware grabbing script - uses emulator to browse "urls.txt" and send random web events via tab & click http://t.co/YR2UmMoJiB

RT @quine: Reposting (publicly) the lame way I resolved resource IDs to strings in Androguard (/cc @thuxnder @adesnos @pof): http://t.co/gdLoTX8AyD

RT @lennyzeltser: This is NOT the wireless access point you are looking for: http://t.co/Yr67SKMEm0 < A pen test experience by @Jason_Wood

AnaDroid: Malware Analysis of Android with User-supplied Predicates - [PDF] http://t.co/lSFQGDmJM2 tool: http://t.co/V2XGTmgj2k

hboot-tools, a set of utilities to reverse engineering HTC bootloaders, open sourced by @unrevoked - https://t.co/cfwQzAkJlG

productive Sunday: Santoku 0.4 iso ready & (almost) finished writing one more chapter of the Android Hacker's Handbook.

RT @kaepora: Snapchat encryption cracked. Uses AES-ECB, hard-wired keys, more awful design flaws: http://t.co/NPOKl6XIG9

Android Hardware Abstraction Layer Documentation - http://t.co/LczP7bDMDM

RT @trufae: Agedu - tool to calculate wasted disk space - http://t.co/hKfTOFaGz1

RT @VXShare: .@pof All of the samples in the January 2013 torrent are in the May 2013 torrent. Don't bother with January - it's going to get deleted.

RT @kapitanpetko: @timstrazz Here it is, comes with weird manga and much info: http://t.co/1RKXFhE4RP

RT @sole_marc: Voice-controlled Home Automation with Android http://t.co/4YO2BwHLh3 #MIBers

VirusShare Android malware samples: - 6.24GB torrent (May 2013): http://t.co/oklyE1SRHV - 3.24GB torrent (Jan 2013): http://t.co/iuslNS3xq5

RT @shawnvalle: Mobile Hacking BlackHat 2013 All-Stars: @planetbeing @pimskeks @cryptax @adi1391 @sunnyrockzzs @georgiaweidman https://t.co/DywVWtFwGf

RT @Jmz_Software: @pof not for me. I get lock pattern

RT @lilH3rmit: @RobertWBurton @pof Same here, lock pattern in viewing photos

RT @RobertWBurton: @pof I am getting challenged for the pattern when attempting to view the photo

Lockscreen bypass in HTC One (maybe Sense 5.0) - https://t.co/OUne72KjL8 Anyone can confirm?

@frommelmak can you buy the developer edition in Spain?

Dalvik Technical Information (bytecode format, .dex format, instruction formats) - http://t.co/RmacVfNqaY

What could possibly go wrong? - http://t.co/4JqDb5gYv7 #lockpicking

RT @collinrm: http://t.co/QqJuxpXSQX Some research to counter mTAN/OTP SMS Trojans on Android.

RT @mrbarnabyrobson: #unix nerds will appreciate this beverage. http://t.co/NhH4gdUWjx

RT @TeamAndIRC: Smali 2.0 beta is out https://t.co/jn5uC7S94y

RT @collinrm: http://t.co/V6AB0f5Knd Mobile Security News Update May 2013

paper from previous retweet: Evaluating Android Anti-malware against Transformation Attacks - [PDF] http://t.co/pwyuUD7yYn

RT @Angelill0: Anti-Virus Software for Android Fooled by Common Techniques, Researchers Say http://t.co/RPv27JaVU9

RT @WuShell: ${filename%.*} <- remove ext. from filename | ${filename##*.} <- get ext. from filename | useful #bash tricks -> http://t.co/r5N42kDhpV

RT @fail0verflow: New blog post: The future of console homebrew (and a shot of Espresso) http://t.co/NnVsoSB9UI

RT @_defcon_: RT @legitbs_ctf: DEF CON CTF Quals registration is live! http://t.co/uv3VE8nqRE

RT @godfreynolan: For those that asked me slides for @MobiDevDay Android Performance talk are up on http://t.co/F51EWwzsVs

RT @FortiGuardLabs: Improving #Android Reversing DEXterity 101 with Crypto Girl https://t.co/wgrjWzCsgp #reverseengineering #dex

Android CTS tests for security bugs (master branch) - https://t.co/HvI85hqK76

Redexer: A Dalvik bytecode instrumentation framework - http://t.co/q77yBSmTKi

RT @AndroidPolice: Samsung Aims To Block Root Exploits And Tighten Up Security With Latest Exynos Galaxy S4 Update, But This Is A... http://t.co/WT1Y6XpBYi

RT @adi1391: Walkthrough on #AndroidFrameworkforExploitation (AFE) - Finding and Exploiting Leaking Content Providers http://t.co/OcwrOYGYdd .

RT @oriolrius: Share your #android display with BBQScreen https://t.co/MDUtR8W5FX #app

filegive: secure & easy sending of files, point-to-point without 3rd party servers - http://t.co/Q6pXFlJC9Z

RT @_tomsteele: For all my credential harvesting homies https://t.co/RTbMa2ArZn

Blackberry 10 and Android with Samsung Knox, approved by the Pentagon to be used by the U.S. Department of Defense - http://t.co/li5TkAvgJc

Explanaion by @koush on HTC's "S-Off vs Unlocked, and flashing firmware" - https://t.co/RdGq2jG7VQ

RT @newsycombinator: Portal Released For Steam On Linux http://t.co/hApTdaAp55

RT @NicolasFalliere: Android/BadNews.A decompiled by JEB at http://t.co/uasadNChEy #jeb java decompiler

RT @carlosacastillo: [PDF] AppsPlayground: Automatic Security Analysis of Smartphone Applications http://t.co/9ISCrsrPIV

RT @kapitanpetko: More about code signing and permissions http://t.co/AelfTOlr1w

RT @PaulOBrien: Playing Google Music tracks in the native HTC Music player using GMusicFS = awesome. http://t.co/0hwrSqkKaM

RT @AndroidPolice: Dan Rosenberg Has Unlocked AT&T Galaxy S4's Bootloader, But We Won't Get To See How For A While - Here Is Why http://t.co/NOYT5x4hbe

RT @djrbliss: I'll just leave this here...*whistles* http://t.co/u83828TnrD

RT @yappare: #Web Based #android #emulator https://t.co/dJXwXI4Adh

RT @saurik: "Exploiting a Bug in Google's Glass" http://t.co/2C59FJRMBO <- This is both a "how to" and a detailed explanation of @Bin4ryDigit's exploit.

RT @viaforensics: Hacking while hacking: Slides from our live demo of hacking mobile at #THOTCON 2013: https://t.co/tZPr5inPKr Presentation by vF CEO @ahoog42