Pau Oliva Follow @pof

RT @Fuzion24: How I patched CVE-2015-1474 (GraphicsBuffer overflow - remotely exploitable) on my stock Nexus 5 : https://t.co/rET2MIGYJL

RT @4n6k: Capcom CPS2 Internals. Reversing Super Street Fighter 2 Turbo Retro-Arcade Cabinet Hacking by @pof : https://t.co/eVvaEv1rSS <-- awesome

Convergence in action on Ubuntu, demo on a x86 tablet, a Nexus 7 and a Nexus 4 - http://t.co/LnabvmvAJM

RT @collinrm: Mobile Security News Update February 2015 part 2 https://t.co/xhHZjTodOD soooo many links!

RT @zeewox: #lk commit : aboot: Add MDTP Firmware Lock support https://t.co/9ZSvqxdFFo #android #codeaurora #littlekernel #theft #prevention

RT @Mobile_Sec: The Mobile Application Hacker's Handbook is out http://t.co/aDfVVhBkbh

RT @jbqueru: That moment when you realize that CyanogenMod might be bigger than Blackberry...

RT @NowSecureMobile: ¡Hola Barcelona! Some of our team got together in Europe this week- also tagged @brackendev and @pof #mobilesecurity http://t.co/us6HvCFdn

RT @virqdroid: OAT File Format (ART, RE) - http://t.co/Uns6eMp35P ( via @polsab )

RT @stilgherrian: Gemalto has just issued a press release about the claimed NSA/GCHQ SIM card hack. https://t.co/5BfZufRQza (PDF) (1/2) #gemaltofuntimes

An Exploration of ARM TrustZone Technology - http://t.co/l3eMwNYFpy

RT @jduck: I made some commits on the https://t.co/3n8cX2V1gv! New features: regex support, reconfig shows which devices were added/removed! Update!

@falcon_android @joenrv still getting the error fetching tweets in the screenshot, clear app data didn't fix it. help http://t.co/7iouQwUhNo

RT @AndroidPolice: A Developer Has Gotten Android Wear To Work With An iPhone Without Jailbreaking http://t.co/ntcOuhaDuR

Evaluation of Security Solutions for Android Systems - [PDF] http://t.co/IAQsPd4AsX

Let's Hack Arcade Games: Microprocessor Fundamentals - http://t.co/lkhAaWEcUg

RT @ncweaver: If you think Lenovo's "just add ONE" root certificate is bad, you've not seen what Android vendors & carriers do: http://t.co/Tt3irGZlnW

RT @jonoberheide: Generating awareness for the corporate information security program. http://t.co/LbuU7ECfJn

RT @guardiannews: Sim card database hack gave US and UK spies access to billions of cellphones http://t.co/iAVEprVb6t

RT @kutyacica: Android apps can no longer get camera group permission, hence the lowered severities in the advisory. See also https://t.co/mDP2l26Jsu

RT @kutyacica: New CAF advisory: memory corruptions in camera drivers. Credit: Keen Team https://t.co/7I7DsRKAUt CVE-214-4321, -4324, -0975, -0976, -9409

RT @Fuzion24: It doesn't look like the patch (https://t.co/zz1ITJV2lV) for CVE-2015-1474 has made it into any branches yet (https://t.co/zMgMBgX5cX)

RT @TeamAndIRC: So CVE-2015-1474 is getting attributed to Qihoo 360 , anyone have a source for this attribution?

RT @andrototal_org: we are proud to announce the new http://t.co/brSbzLkDf6 thank you guys and sorry for the long downtime in the last few days!

RT @Fuzion24: Android CVE-2015-1474 https://t.co/WKVJuEgkR7 remotely exploitable + privilege escalation

I created a chrome extension that replaces jab/strong/fierce notation with LP/MP/HP on all @shoryukendotcom pages - https://t.co/wIPzfAyYqA

RT @reyammer: BREAKING: Android callbacks can (and do!) evade/screw up your static analysis! Our NDSS paper & dataset are out at http://t.co/7PSWwztwoF!

Apktool: Fixing Bug 713 - http://t.co/W3hmTLLfmE

RT @raviborgaonkar: So send a query (with mobile phone number) over the Inernet ---> results IMSI of the victim & serving SGSN IP addr http://t.co/AimT2

RT @raviborgaonkar: Intercepting your active-mobile-data (2G/3G/LTE) communication packets over the Internet http://t.co/u645XJRIjM #GSM #LTE #security

Xposed framework for Lollipop available in xda now - http://t.co/XZTJ2Skwq7

RT @dotMudge: POTUS must be getting close. Baseband alerts started lighting up like a x-mas tree :) http://t.co/Gikv2nNEIb

RT @AndroidDev: The WebView Beta channel is open for business. Test out your apps w/ the latest WebView before your users get updates http://t.co/NwOwlkETFq

RT @iBotPeaches: http://t.co/Y2HjwqsQGY - Apktool 2.0.0 RC4 has been released.

RT @jebdec: @Fuzion24 merging can (could) be used maliciously - extreme case: imagine an APK with N method refs spread over N classesX.dex

RT @jebdec: Newest JEB out, localized to 한국어, 日本語, 中文 and 7 more! Export to Smali, MultiDex merge, and more power-user feat. at http://t.co/bZTb

Q&A interview with Adrian Ludwig, lead engineer for Android security at Google - http://t.co/vXff21daFH

RT @maldr0id: If you want to get to better know the ARM instruction suite, have a look at this presentation: http://t.co/M8tgvt23il

RT @virqdroid: QUICK LOOK AT ANDROID LOLLIPOP’S MANAGED PROVISIONING - https://t.co/3huj2Jc9sX

RT @AndroidTamer: Interesting approach for Data extraction from mobile phone using ive and uconnect via infotainment system: http://t.co/pKChbjS42x

RT @kapitanpetko: Better late than never -- 'Lollipop Security Enhancements', #mceconf slides https://t.co/RncWwsVfxM

RT @riusksk: IDA plugin ADB Helper, support for native arm debugging via usb and sdk ADV manager：http://t.co/3rK5amEDnm http://t.co/1Fuczrl2S6

RT @collinrm: Mobile Security News Update February 2015 http://t.co/CmOYYtfg1p

RT @AndroidDev: “If you can measure it, you can optimize it.” @duhroach shows you how with “Profile GPU Rendering” #PERFMATTERS http://t.co/pLy2lkyiUh

RT @todb: @pof @droidsec slightly more complete link (includes needed external resources) https://t.co/K1m0tvubd2

RT @rapid7: R7-2015-02: Google Play Store X-Frame-Options (XFO) gaps enable Android Remote Code Execution (RCE) - http://t.co/bG8V8p16Ch by @todb

Xposed support for lollipop "soon... :) Working very well already" according to rovo89 - http://t.co/xmBiPi29bb http://t.co/EaudktXfvh

@timstrazz @0xroot @trufae a new free album from @sabrepulse released today - https://t.co/OCy5NcMwRX #chiptune

RT @Gunther_AR: This looks fun for disturbing friends if it really works. Google Email App 4.2.2 remote denial of service - http://t.co/rGzEUyCXlS

RT @ahoog42: I will discuss the pros and cons of containerization re: #mobile #security next week. Hope you can attend. https://t.co/KZodKzloZL

Metasploit Module for the Android Futex Requeue Kernel Exploit (towelroot) - http://t.co/tRBICqIOny

A Self-Compiling Android Dato Obfuscation Tool- [PDF] http://t.co/L2eSQX6Jrv

RT @cryptax: Another one. Want you #IMSI via #adb? $ service call iphonesubinfo 3 On #Android #rooted phones only.

RT @cryptax: Oh that #adb command works: $ settings get secure android_id it retrieves the #Android ID. Or you can query the #sqlite settings.db

Bindead: a static analysis tool for binaries - https://t.co/K04nbfyWST p9: GUI for BinDead - https://t.co/rPL6BJrsx0 http://t.co/1yRDcfmBEZ

RT @xdadevelopers: WhatsSpy Exposes WhatsApp's Broken Privacy https://t.co/SpvmxuH9AI

RT @haxelion: Let me introduce to you LD_NOT_PRELOADED_FOR_REAL, advanced detection and anti detection techniques for LD_PRELOAD: http://t.co/7fCoZAlJzQ

RT @capstone_engine: W0w, another cool tool (by Nokia) using Capstone inside: ArmExec, a lightweight native #Android runtime emulator! https://t.co/m7WnFJAn79

RT @Joshua_Brindle: Twitterverse, does anyone know whether the Qualcomm MSM8974AC has a shared memory arch between the baseband and application processor?

RT @claud_xiao: Can you imagine Internet service provider hijack customers' traffic to replace APKs they're downloading? Well in CN everything is possible.

LG On Screen Phone vulnerability - Technical details & PoC: https://t.co/nCDAafqNIV Demo: https://t.co/NVEkb5iOlo

"Wi-Fi Privacy Police" prevent your Android device from leaking the list of wifi networks it has connected to - https://t.co/iBJ1wfBpfq

@falcon_android @joenrv "Error fetching tweets, please try again later" been getting that a lot, is it a known issue? http://t.co/IJdckefcVA

RT @AndroidPolice: Chrome v41 Includes Privacy-Friendly Flag To Reduce Referrer Information In HTTP Headers http://t.co/fvl2ViOoFM

ElPollo: Xposed style framework for Lollipop in beta testing - http://t.co/743OuN7Slk

Remove Ads on Lollipop: Settings -> Wifi -> Add Network -> Advanced Options -> Proxy: Proxy Auto-Config -> PAC URL. http://t.co/jAOxk6yis5

RT @Mobile_Sec: "The Mobile Application Hacker's Handbook" http://t.co/aDfVVhSVjl

RT @timstrazz: TIL; An obvious, but simple anti-debug trick being using in #Android inotify_add_watch(fd, "/proc/self/maps", IN_OPEN)

RT @simonpang: This is how App Store ratings work. Welcome to the reality. http://t.co/0MyHmTeqwE

RT @djrbliss: @pof Maybe scnprintf() past end of counter_name array (MSM_PC_NUM_COUNTERS = 4) in msm_pc_debug_counters_copy (arch/arm/mach-msm/msm-pm.c)

$ adb shell cat /d/pc_debug_counter # this reboots a stock unrooted Nexus 6

RT @NowSecureMobile: Welcome to NowSecure, @trufae ! Happy to have you on board!

Very useful script to look up "service call" codes for specific Android versions - http://t.co/6BIdSSaJxq

RT @Amon_RA: Detect and avoid IMSI-Catchers, StingRay and Silent/Stealth SMS : https://t.co/3xuXxCZaNX

Security Weaknesses of the Android Advertising Ecosystem - [PDF] https://t.co/alAECcMshS

A database of environmental sensors included in smartphones, and which devices have them - http://t.co/0fBBUEY15e