Tweets from July 2014

RT @arstechnica: Android crypto blunder exposes users to highly privileged malware http://t.co/V2ygWNIJz9 by @dangoodin001

8:41pm July 30th 2014 via Falcon Pro

RT @djrbliss: For bootloader menu on Blackphone, hold power button, then both volume buttons once phone vibrates. "fastboot oem unlock" is supported.

8:36pm July 30th 2014 via Falcon Pro

RT @TeamAndIRC: The blackphone is OEM'd by Tinno, and is not a new phone. Standard cheap tinno phone with custom firmware

8:36pm July 30th 2014 via Falcon Pro

RT @collinrm: http://t.co/fhxusLj4pQ tiny mobile security news update.

8:35pm July 30th 2014 via Falcon Pro

RT @kapitanpetko: @j4istal It would've been a good idea to mandate self-signed certs from the start since Android doesn't care about PKI anyway

8:30pm July 30th 2014 via Falcon Pro

RT @j4istal: @kapitanpetko Yep, exactly. There's only a few places in AOSP that satisfy this; a few more that are third-party device vendor add-ons.

8:30pm July 30th 2014 via Falcon Pro

RT @kapitanpetko: FakeID can't be used to get system permissions directly, because package manager requires that all certificates match, not just one

8:29pm July 30th 2014 via Falcon Pro

RT @kapitanpetko: So the Android FakeID thing is only a problem for features that require a particular certificate to be included in APK signers.

8:28pm July 30th 2014 via Falcon Pro

RT @headhntr: It seems #Blackphone tries to load a new OS (PrivatOS 1.0.1) over HTTP from this AWS server URL https://t.co/VqFb4z5514 HT @kappuchino

8:26pm July 30th 2014 via Falcon Pro

RT @TeamAndIRC: wow FirePhone shipped vuln to futex

8:25pm July 30th 2014 via Falcon Pro

RT @AndroidTamer: Non Technical overview of Android FakeID Vulnerability discovered by @BlueboxSec to be disclosed @BlackHatEvents : http://t.co/M1On7cs4Eq

8:39pm July 29th 2014 via Falcon Pro

RT @kapitanpetko: Looks like no hardware-backed keystore on the Blackphone, but it has full? Python runtime...

8:28pm July 29th 2014 via Falcon Pro

RT @0xroot: BlackPhone (PrivatOS 1.0.1) image - http://t.co/rzOJMHLKIV

8:28pm July 29th 2014 via Falcon Pro

RT @kapitanpetko: So is writing zeros all over /data on Android enough for 'secure wipe'? Cf. https://t.co/hABiqq9hve

8:25pm July 29th 2014 via Falcon Pro

RT @gtvhacker: Thanks to @halfluck we've posted a link to the initial OTA update for the ADT-1 Android TV on the GTVHacker Wiki. http://t.co/63XCZabJUm

8:24pm July 29th 2014 via Falcon Pro

RT @andremoulu: ZjDroid - Android app dynamic reverse tool based on Xposed framework https://t.co/yI7WCbSehu

8:18pm July 29th 2014 via Falcon Pro

RT @oscarmlage: How to resume a stalled #scp upload? with #rsync: rsync --partial --progress --rsh=ssh file.zip user@myserver:/path/to/file.zip

9:52pm July 28th 2014 via Falcon Pro

RT @Fuzion24: Obfuscating native Android applications using Obfuscator-LLVM: http://t.co/CIIjEc6Bmi

6:11pm July 28th 2014 via Falcon Pro

RT @grsecurity: SELinux: it keeps you secure, except from all the ways people compromise machines in real life:http://t.co/OOPrXftH0c http://t.co/hnLyPUoIGB

8:24pm July 27th 2014 via Falcon Pro

RT @raviborgaonkar: On other note, OpenBTS now supports 3G data capability http://t.co/dczCPgIjfb update your fuzzers to break new phones ;)

8:17pm July 27th 2014 via Falcon Pro

RT @ithurricanept: ZjDroid:Android app dynamic reverse tool based on Xposed framework via Baidu Security Labs:https://t.co/VjOP0yHzWl

8:16pm July 27th 2014 via Falcon Pro

RT @0xroot: Advanced bootkit techniques on Android - http://t.co/bddycrvErE

8:12pm July 27th 2014 via Falcon Pro

RT @matalaz: SyScan360 2014 slides are out: http://t.co/bgkeypdoQ1

8:12pm July 27th 2014 via Falcon Pro

TWRP custom recovery Available for LG G Watch and Samsung Gear Live - http://t.co/UJtKO0ry8R

8:10pm July 27th 2014 via Falcon Pro

RT @timstrazz: Follow up post on #Android LKMs http://t.co/xqWU4MCP71 + code for two that I use to aid in reversing https://t.co/gaqdxEckxa

6:19am July 25th 2014 via Falcon Pro

RT @xdadevelopers: Samsung Gear Live Stock Firmware Image Pulled, Temp Root http://t.co/4mVqgRRT7e

6:17am July 25th 2014 via Falcon Pro

RT @Fuzion24: JustTrustMe .. An xposed module I built to kill SSL certificate checking on Android: https://t.co/FCxivKRt3z

6:16am July 25th 2014 via Falcon Pro

RT @timstrazz: #Android #Malware samples for ScarePakage posted on Contagio dump http://t.co/8I8J9AoCAI

1:51pm July 24th 2014 via Falcon Pro

Tinkerbell: A simple app to download from Unofficial Android Marketplace(s) by @Gunther_AR - https://t.co/olAwYJakip

1:50pm July 24th 2014 via Falcon Pro

RT @viaforensics: "All you notes in #evernote belongs to me" by @viaForensics researcher Sebastian Guerrero (@0xroot): https://t.co/4pPbbCSrTl

8:11am July 24th 2014 via Falcon Pro

RT @natashenka: Special thanks to @jduck, our first Patch Rewards recipient for Android!

6:41am July 24th 2014 via Falcon Pro

RT @Mobile_Sec: In order to prevent from SQL Injection in Android, use SQLiteStatment instead of SQLiteDatabase.rawQuery(). http://t.co/HJinm8bT7C

5:36pm July 23rd 2014 via Falcon Pro

RT @AndroBugs: @jduck @Mobile_Sec For Activity, Service and Receiver, I think @Mobile_Sec is correct (but "signature" can be used to protect exported cmps)

5:36pm July 23rd 2014 via Falcon Pro

RT @saidelike: We've just published an article on Android FDE http://t.co/a3MiuKejbP and to try it yourself, see our github: https://t.co/sNnq0htltj

12:33pm July 23rd 2014 via Twitter Web Client

RT @IncludeSecurity: We put up a quick blog post on decoding Protobuf when hacking apps http://t.co/dFqUCU61hN

9:27am July 23rd 2014 via Falcon Pro

RT @kapitanpetko: Secure voice communication on Android (very basic) http://t.co/NnGoISRyHK

8:18am July 23rd 2014 via Twitter Web Client

RT @timstrazz: Quick script for extracting odex files from core dumps using #010Editor https://t.co/WbG0O2uVTK

12:21am July 23rd 2014 via Falcon Pro

RT @REhints: IDA processor module for Qualcomm Hexagon (QDSP6) processor. Used in basebands (Apple, Samsung, ... ) https://t.co/nvA8ByOyW2 #REhints

12:17am July 23rd 2014 via Falcon Pro

RT @AndroidPolice: Google Uploads Android Wear Source Code To AOSP, Includes 4.4w_r1 Release http://t.co/l3J6gtd84m

12:16am July 23rd 2014 via Falcon Pro

RT @jbqueru: If the rumors/leaks were true, Google will stop certifying JellyBean devices at the end of the month. Yay! http://t.co/aN5eJy6M9k

12:09am July 23rd 2014 via Falcon Pro

RT @kapitanpetko: Apparently Android's upcoming KNOX integration does not include any hardware-dependent features. https://t.co/osGOZHsmbQ

7:51am July 22nd 2014 via Twitter Web Client

RT @Mobile_Sec: NDroid , an efficient dynamic taint analysis system for checking information flows through JNI: http://t.co/rYJsEcNBQL

2:04pm July 21st 2014 via Falcon Pro

RT @0xroot: A dynamic information flow tracing system for Android - Paper: http://t.co/M7F6hSjd24 Source Code: https://t.co/JEI9saAmBD

2:02pm July 21st 2014 via Falcon Pro

RT @timstrazz: Found some of my old notes and figured it might be helpful to someone, Compiling an Android Emulator for LKMs http://t.co/iVvOgDI9uX

2:02pm July 21st 2014 via Falcon Pro

RT @Dinosn: Linux Futex exploit (CVE-2014-3153) http://t.co/6JBXirY2Bv

1:52pm July 21st 2014 via Falcon Pro

@angealbertini mamecheat has most hacks http://t.co/I1muqGjZgm (look at their forums as well), and more ST-specific: http://t.co/C3ml2qAdhq

1:38pm July 20th 2014 via Twitter Web Client in reply to angealbertini

RT @TeamAndIRC: LG G3, LG Flex etc etc Root vuln, doesnt LG make you feel safe? https://t.co/500oy0PlCk

8:31am July 20th 2014 via Falcon Pro

@pattheflip just finished reading ur book, has been of great help for me to absorb the basics about ST. Thanks a ton from a noob ryu+hawk :)

10:38pm July 16th 2014 via Falcon Pro

RT @martinkrafft: Retweet n times within a week and I'll donate [ 10-exp(-n/10³)×10 ] #Bitcoin to @torproject. Go! #Tor #RTdonateWeek #FeelingExperimental

6:22pm July 16th 2014 via Falcon Pro

@wdtz @jduck press & hold the icon to get a description of what it does

5:55pm July 16th 2014 via Falcon Pro in reply to wdtz

RT @funkyandroid: The update from android-4.4.4_r1 (KTU84P) to android-4.4.4_r2 (KTU84Q) contains only proprietary binaries.

5:48pm July 16th 2014 via Falcon Pro

RT @Mobile_Sec: Exploiting Content Provider Leakage http://t.co/uWAG0PgxgU by @srini0x00

12:28pm July 16th 2014 via Twitter Web Client

RT @tylerni7: Geohot finally released his secret tool for winning CTFs https://t.co/IatBRoZK3j (okay, not exactly, but it's still a neat project)

6:36am July 16th 2014 via Falcon Pro

RT @scarybeasts: Excited to formally announce a new security team, Google Project Zero: http://t.co/f1CxUgNy7d

7:12pm July 15th 2014 via Falcon Pro

RT @Mobile_Sec: Did you ever noticed Android framework has a component that is called Intent Firewall: http://t.co/MXE9Yg41sD Great Work!

7:12pm July 15th 2014 via Falcon Pro

RT @cgvwzq: @0xroot or NFCSpy: https://t.co/8bCqAUiOcS Which uses Kitkat's HCE instead of CM

7:00pm July 15th 2014 via Falcon Pro

RT @AndroidTamer: Android Security Enhancement List updated with security enhancement details about version 4.4.3 and 4.4.4 : http://t.co/5xTKAvuOZ7 Please RT

2:37pm July 14th 2014 via Twitter Web Client

RT @rotxed: I just published “[DEX] Sky’s the limit? No, 65K methods is” https://t.co/F6oQtK4377

9:18am July 13th 2014 via Falcon Pro

RT @REhints: IDA Dalvik debugger: tips and tricks http://t.co/DKSEGZVC3E #REhints

9:13am July 13th 2014 via Falcon Pro

RT @kutyacica: Thank you @google for following @CodeAuroraForum in establishing a hall of fame in the Android space! Well deserved! https://t.co/XbQzT11nsT

9:01am July 13th 2014 via Falcon Pro

Super Street Fighter 2X - XMANIA USA Top 8 is about to start, in main EVO stram -http://t.co/6w3zhzCpkM #XMANIAUSA #SuperTurbo

12:28am July 13th 2014 via Twitter Web Client

@ISIMORN Balcork & Orf, congrats guys, you played awesome! Team Europe FTW :D

7:52pm July 12th 2014 via Falcon Pro

XMANIA USA, Super Street Fighter 2X tournament Live from EVO2014 about to start - Stream: http://t.co/A5Dg5RBPjs #xmaniausa

4:48pm July 12th 2014 via Falcon Pro

RT @sf2kuroppi: MAO is your Tournament of Legends II champion! #Evo2014 http://t.co/ysymsNzYI4

10:09am July 12th 2014 via Falcon Pro

@arkadeum @sf2kuroppi why all top8 not streamed? are off-stream matches being recorded? #ToL2 #evo2014

12:59am July 12th 2014 via Falcon Pro

@ISIMORN good luck on the qualifiers man! looking forward to see you on stream #ToL2

9:26pm July 11th 2014 via Falcon Pro

RT @sf2kuroppi: Tournament of Legends Qualifier pools http://t.co/GSiJ3dCbPu

7:19pm July 11th 2014 via Falcon Pro

@sf2kuroppi congrats man! well done & you deserve it!!! #tol2

6:44pm July 11th 2014 via Falcon Pro

Pool B starting now #ToL2 (brackets) - http://t.co/cI7suC6oSL & live stream: http://t.co/NjKVMS9Uix

5:34pm July 11th 2014 via web

Brackets for Tournament of Legends 2 qualifer (Pool A) are here - http://t.co/bSJWv3PqZG #ToL2

5:08pm July 11th 2014 via web

Tournament of Legends 2 #tol2 Qualifiers have started, watch it live at http://t.co/A5Dg5RBPjs #SuperTurbo

5:05pm July 11th 2014 via web

@Nineain si, por algun cajón anda, pero hace años q no la uso :D

10:47am July 11th 2014 via Twitter Web Client in reply to Nineain

RT @googlechrome: #NowCasting: Starting today, you can mirror your Android screen to see your favorite entertainment on the TV screen. http://t.co/kyta1Z2h5L

11:24pm July 9th 2014 via Falcon Pro

RT @AndroidPolice: Paid Apps On Android Wear Made Possible Through Google Workaround, Let The Spending Begin http://t.co/VJG5vYtHf4

11:19pm July 9th 2014 via Falcon Pro

RT @PaulOBrien: The G-Watch watch faces crash on Gear Live because com.google.android.permission.PROVIDE_BACKGROUND isn't granted as a non-system app...

11:13pm July 9th 2014 via Falcon Pro

RT @suffert: Introducing Chrome Remote Desktop for Linux https://t.co/0K3nHoBxof

11:12pm July 9th 2014 via Falcon Pro

RT @Curesec: We also added the exploit of CVE-2013-6271 in the drozer exploit package! http://t.co/l6Y5U9snzH Bug: http://t.co/BP6EYocRPa Have fun!

11:10pm July 9th 2014 via Falcon Pro

RT @0xroot: Disect Android APKs like a Pro - Static code analysis - http://t.co/eFNVKzWaJO via @marcograss

10:30pm July 9th 2014 via Falcon Pro

RT @Mobile_Sec: Analysing Android’s Full Disk Encryption Feature http://t.co/TY0N5YhYPg

10:27pm July 9th 2014 via Falcon Pro

RT @grsecurity: Of the revelations in http://t.co/sFCwgmLsTI is that geohot's futex exploit uses the tgkill() infoleak I found and Emese reported last year

10:24pm July 9th 2014 via Falcon Pro

my Samsung Gear Live has arrived! #androidwear http://t.co/KfSVyr9ptw

3:23pm July 9th 2014 via Falcon Pro

RT @anestisb: @pof hope to have some OAT bin templates soon, to read these Quick Opt. Bridges in the bytecode level. Until then - https://t.co/4QrxjD7s6y

4:10pm July 8th 2014 via Falcon Pro

RT @anestisb: @pof It's not safe to export the OAT embed. DEX that way as it's opt. in the bytecode level as well - http://t.co/pLPLiyW8Av /cc @Gunther_AR

4:10pm July 8th 2014 via Falcon Pro

RT @anestisb: oatdump++ Android ART l-preview and master branches support & binaries have been added — https://t.co/4QrxjD7s6y

4:09pm July 8th 2014 via Falcon Pro

RT @AndroidPolice: [Bug Watch] Paid Apps Cannot Be Installed On Android Wear, Play Store Encryption Likely At Fault http://t.co/TLRtJ1QBx1

10:01am July 8th 2014 via Falcon Pro

@temp_rooted @rallat wow SF2 with a relaxing cup of café con leche :D

6:28am July 8th 2014 via Falcon Pro in reply to temp_rooted

RT @gtvhacker: Check out the new Google ADT-1 tear down, fastboot, and recovery pictures on the Android TV section of our wiki. http://t.co/tHfPAj9b00

12:44am July 8th 2014 via Falcon Pro

RT @0xroot: Exploiting the Futex Bug and uncovering Towelroot - http://t.co/mR6qkua0dH via @marcograss

1:18pm July 7th 2014 via Twitter Web Client

re. prev tweet, the 2nd bug that abuses SEARCH_SUGGESTION_DIAL_NUMBER_CLICKED is explained here: https://t.co/wpUqCr8d9o kudos to @Curesec

11:23am July 7th 2014 via Twitter Web Client

CVE-2013-6272 Apps without phone permission can do a phone call, send USSD codes or hangup ongoing calls - https://t.co/NeHrgldMwu

11:02am July 7th 2014 via Twitter Web Client

RT @r_netsec: Transient custom recovery boot for bootloader locked Nexus devices (mitigates physical attacks) - http://t.co/tZ3OzHA1E9

8:22am July 7th 2014 via Twitter Web Client

RT @AndroidPolice: [How-To] Android Wear: Enable Debugging, Take Screenshots, Unlock The Bootloader, And Root The LG G Watch http://t.co/CmU2dRlO36

11:53pm July 6th 2014 via Falcon Pro

@thegrugq @timstrazz yes, but I was going to do dynamic analysis as I want to reverse the network protocol that the app uses.

1:39pm July 6th 2014 via Twitter Web Client in reply to thegrugq

@thegrugq yeah, trying to reverse that shit without having to run a Windows VM for it

9:56am July 6th 2014 via Falcon Pro in reply to thegrugq

Strategies in improving Android Security (from the user’s awareness level as well as technical level) - [PDF] http://t.co/rWEYaBEHDc

9:51am July 6th 2014 via Twitter Web Client

Cross-sectional examination on Android Security (Google/carriers, 3rd party security apps & user behavior) - [PDF] http://t.co/ZThrS8WHW3

9:46am July 6th 2014 via Twitter Web Client

Anyone knows how to "fix this problem (TM)"? trying to run a windows .NET app using #mono on Linux. #kthxbye http://t.co/pKMHrK384T

9:32am July 6th 2014 via Twitter Web Client

Rovo89 (Xposed framework developer) Speaks up Regarding ART and Android L Support - http://t.co/7n8dtVDQA4

7:21pm July 5th 2014 via Falcon Pro

RT @DevTroy: Running android and want to check if your device is vulnerable to the Keystore bug (for rooting or ? ) Check out https://t.co/P2HEG56CJr

6:20pm July 5th 2014 via Falcon Pro

RT @dnaltews: If you're building and distributing custom Android images, please, please use your own signing keys. See: @mjg59 's http://t.co/RAWIjNjI7Z

6:20pm July 5th 2014 via Falcon Pro

RT @ChainfireXDA: EFF talks about Wi-Fi network name leakage on Android - I get mentioned too in the footnotes (hurrah I'm famous) - https://t.co/YYa4uEG1Ee

6:12pm July 5th 2014 via Falcon Pro

RT @sf2kuroppi: TOURNAMENT OF LEGENDS II qualifier pools and X-Mania USA pools are up! http://t.co/R6knsbC0ol #xmaniausa #tol2 #evo2014

8:39pm July 4th 2014 via Twitter Web Client

RT @xor: Qualcomm sends copyright takedowns to Github for 116 repos... including Qualcomm's. http://t.co/isnfB4iEUh

12:40pm July 4th 2014 via Falcon Pro

RT @Joshua_Brindle: A lot of people have retweeted about the selinux policy on blackphone but noone has given one, http://t.co/lEqj5MhKFF please :)

12:12pm July 4th 2014 via Falcon Pro

RT @JakeWharton: Google Play Services 5.0 is a monolith abomination. http://t.co/r5hIGEXQ11

12:07pm July 4th 2014 via Falcon Pro

Secure USB debugging bypass on Android 4.2.2 to 4.4.2 by @mwrlabs: authorize host on emergency dialer or camera - https://t.co/7UIf1OUgx7

9:32am July 4th 2014 via Twitter Web Client

@sf2kuroppi @arkadeum thanks for the quick reply! I hope 4G works fine then :)

12:18am July 4th 2014 via Falcon Pro in reply to sf2kuroppi

RT @sf2kuroppi: @pof If 4G is cooperative, @arkadeum will stream all of ToL II on Fri and all of X-Mania USA pools on Sat. Top 8 will be on Evo's stream

12:17am July 4th 2014 via Falcon Pro

@arkadeum @sf2kuroppi will the pools also be streamed for #tol2 & #xmaniausa, or only the finals? (planning to watch it live)

12:08am July 4th 2014 via Twitter Web Client

livestreamer: CLI utility that extracts stream from various services (eg: twitch) and pipes it into a video player - http://t.co/TbteJxP0dU

10:32pm July 3rd 2014 via Twitter Web Client

RT @AndroidPolice: BlackBerry CEO Talks Trash About Android Security, Sour Grapes Abundant http://t.co/meUzmH86IF

8:48pm July 3rd 2014 via Falcon Pro

RT @polsab: The ART Runtime talk from Google I/O 2014: http://t.co/6uiYkeFNMj

8:39pm July 3rd 2014 via Falcon Pro

RT @timstrazz: "secure" #Android rom "uhuru" http://t.co/eNdy1zLNbS @thegrugq -- sounds like BS to me; quoted peoples are… "interesting" (cc/ @cryptax)

8:38pm July 3rd 2014 via Falcon Pro

RT @Joshua_Brindle: anyone have the SELinux policy from a blackphone?

8:30pm July 3rd 2014 via Falcon Pro

RT @BlackHatEvents: This #BHUSA Briefing centers around @jduck's approach to dealing w/ the Android diversity problem & how to manage it http://t.co/3H6XHuZ

8:24pm July 3rd 2014 via Falcon Pro

RT @virusbtn: New paper: Obfuscation in Android malware, and how to fight back, by @cryptax and Ruchna Nigam https://t.co/4OjxU2YGcO

8:12pm July 3rd 2014 via Falcon Pro

RT @hashcat: oclHashcat v1.30 support added for cracking Android's full disk encryption! Calculated 100% on GPU = 365 kH/s on a single R9 290x

8:12pm July 3rd 2014 via Falcon Pro

RT @OwariDa: New blog post about the Futex vulnerability, with shout-outs to @comex and @tomcr00se (GeoHot) http://t.co/1k1hPWPH6a

12:52pm July 3rd 2014 via Twitter Web Client

RT @insitusec: nodejs adb client - uses the adb server socket protocol directly; can be used in place of cmd line client https://t.co/9hmU1oWT0H

7:26am July 2nd 2014 via Falcon Pro

RT @insitusec: python adb client - uses the adb server's socket protocol directly; can be used in place of the commandline client http://t.co/jZJqF9dPG6

7:26am July 2nd 2014 via Falcon Pro

@timstrazz @shen_ye is this on current ROM versions?

7:23am July 2nd 2014 via Falcon Pro in reply to timstrazz

RT @timstrazz: Unsure why pointing out a key used to sign a system level app was a compromised key is "shit", but OK? https://t.co/P0AErHpMdk

7:23am July 2nd 2014 via Falcon Pro

@mountainmanjed nice, will have a look when I'm on the computer (on mobile now)

7:52pm July 1st 2014 via Falcon Pro in reply to mountainmanjed

Game of Thrones intro on Famicom Disk System (Famitracker) - http://t.co/KdSnevDuci #chiptune

7:15pm July 1st 2014 via Falcon Pro

@mountainmanjed what game is that? addresses and values printed look like ST :)

7:10pm July 1st 2014 via Falcon Pro in reply to mountainmanjed

RT @ChainfireXDA: SuperSU update to v2.01 (flashable ZIP and CF-Auto-Roots as well), notes about Android L Preview: https://t.co/8YVW6WUP3G

5:05pm July 1st 2014 via Falcon Pro

RT @Fuzion24: Trigger for CVE-2014-3153 (futex bug/towel root) by @fi01_IS01 http://t.co/lmoKMnWgEE

4:18pm July 1st 2014 via Twitter Web Client